Comments (6)
evert0n
commented on July 18, 2024
Hi sorry the delay, I will check this issue this weekend. Thanks
from koa-cors.
bodokaiser
commented on July 18, 2024
No problem.
You should also change your wildcard support for origin.
Using an asterisk is not allowed as origin header following the specs however you can workaround by setting the origin header to the host header of the client. This should be the default behavior I suggest.
Am 16.05.2014 um 12:59 schrieb Everton Yoshitani [email protected]:
Hi sorry the delay, I will check this issue this weekend. Thanks
β
Reply to this email directly or view it on GitHub.
from koa-cors.
evert0n
commented on July 18, 2024
Hi @bodokaiser Thanks to bring this up and sorry for the delay got busy past weeks. So the first issue is fixed now it's moved to the bottom, if you can please confirm that this sorted out the issue for you.
Regarding the default behaviour for origin header, I'm not sure can you provide more info on that? I double checked the spec and I find the asterisk documented as an alternative for wildcard.
http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Origin
from koa-cors.
bodokaiser
commented on July 18, 2024
@evert0n sry I cannot test this right away but I think this should solve the problem.
Regarding the default behavior:
The string "*" cannot be used for a resource that supports credentials.
This means that in case of using credentials (e.g. cookies, authorization headers, blabla) we cannot use a wildcard. However at least for development it sucks to 1) update your hosts file to fake the origin and to move your dev apps to port 80 or 443...
from koa-cors.
evert0n
commented on July 18, 2024
Thanks I changed a bit the behaviour of the default origin so it will give priority to the req.header.origin and fallback to * if not available. If that don't works for you, you can still code a function for the origin options and from there do whatever you need to set the right host.
from koa-cors.
bodokaiser
commented on July 18, 2024
Thanks I guess this covers all cases :)
I will replace my cors logic with koa-cors the upcoming days again. :)
Am 21.05.2014 um 16:52 schrieb Everton Yoshitani [email protected]:
Thanks I changed a bit the behaviour of the default origin so it will give priority to the req.header.origin and fallback to * if not available. If that don't works for you, you can still code a function for the origin options and from there do whatever you need to set the right host.
β
Reply to this email directly or view it on GitHub.
from koa-cors.
Related Issues (20)
- errors when passing origin as option HOT 1
- Chrome content-type on POST HOT 5
- Cors headers on non OPTIONS HOT 2
- handling errors HOT 4
- 'settings' should be immutable HOT 1
- Add "Vary: Origin" to response when the server specifies an origin host rather than "*" HOT 2
- Accept a whitelist of origins? HOT 3
- expose PATCH by default HOT 7
- Add setting to yield next on OPTION request HOT 4
- Canβt get CORS working with KOA
- Getting request origin within the origin function HOT 1
- overrides Access-Control-Allow-Methods
- with koa static page serving HOT 2
- Is it possible to declare multiple origins to allow? HOT 1
- Support koa@2 HOT 21
- methods option doesn't work in v2? HOT 1
- Support Typescript @types HOT 6
- Headers not sent on throw HOT 1
- Hi, Does this project is still maintained? HOT 2
- Should CORS be abandoned?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from koa-cors.