Only Vary the request when necessary about stack-cors HOT 19 CLOSED

So the opposite of #49 ?

I understand the case, if you don't use credentials, I think * is probably fine and better for caching indeed.

from stack-cors.

So the opposite of #49 ?

Uhh... kind of. From reading #49 it seems a little misguided. If the the request needs to be varried by the Origin then it should always add it (even if it's not necessarily a cors request, as it could become one). If it doesn't need to be, it shouldn't be. I think adding this as configuration is more confusing.

In other words, this logic doesn't make any sense:

I think it should follow this logic:

if ( $config['supportsCredentials'] === true || $config['allowedOrigins'] !== ['*']) {
  // Set or append `Origin` to `Vary` header on all requests.
}

from stack-cors.

FYI: This is still an issue because of:

from stack-cors.

Lastly, we should deal with this:

at a minimum, it should check that the method is OPTIONS first:

from stack-cors.

Can we close this now?

from stack-cors.

Can we close this now?

Yep! It looks so beautiful! :) Thank you so much!

from stack-cors.

Okay I've tagged a 2.0.0-beta1 so please test it out :)

from stack-cors.

Okay I've tagged a 2.0.0-beta1 so please test it out :)

Oh where was the breaking change?

from stack-cors.

Well, the behavior has changed a bit imho, not sure if that qualifies as actually breaking. Is that a problem?

from stack-cors.

Well, the behavior has changed a bit imho, not sure if that qualifies as actually breaking. Is that a problem?

I have no idea, I can submit the Drupal patch. :)

from stack-cors.

Looking at https://semver.org/ it seems like this would be a minor since we didn't change the public API at all. The breaking change would be removing the methods we no longer use. :) but your call. :)

from stack-cors.

I guess the question is: Does this change break backwards compatability? It doesn't seem like it does. I could argue that it's actually a bug fix and not even a new feature.

from stack-cors.

Seems like it would be wise to release a beta version of the point release (i.e. 1.4.0-beta1) though.

from stack-cors.

A breaking change to semantics is also a breaking change, even if there's no breaking changes to the signatures.

from stack-cors.

2.0.0-beta1 was the right choice.

from stack-cors.

A breaking change to semantics is also a breaking change, even if there's no breaking changes to the signatures.

https://semver.org/ defines a breaking change as a change in the "Public API" not to the semantics, but true you may define the Public API however you want. :)

from stack-cors.

A change to the semantics IS a breaking change to the public API...

from stack-cors.

A change to the semantics IS a breaking change to the public API...

well I'm not sure how anyone could argue with that level of circular reasoning.

from stack-cors.

Here's the issue in Drupal's Queue
https://www.drupal.org/project/drupal/issues/3128982

from stack-cors.