-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Calling all options even if origin header is not present. Fix #18 - Not setting headers on Koa2 / Node 6.2 #87
Calling all options even if origin header is not present. Fix #18 - Not setting headers on Koa2 / Node 6.2 #87
Conversation
…- Not setting headers on Koa2 / Node 6.2 As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs
@fengmk2 @ltomes @TyrealHu Hello, If you guys could check this out for me, please. Makin gyou aware because the issue has been open for while. I intend to fix another problem on Strapi, by resolving this one : strapi/strapi#14357 if you guys can help me, please :) |
@dead-horse @ruimarinho Hello, If you guys could check this out for me, please. Makin gyou aware because the issue has been open for while. I intend to fix another problem on Strapi, by resolving this one : strapi/strapi#14357 if you guys can help me, please :) |
I look the cors of express, this module didn't check the requestOrigin(The Access-Control-Allow-Origin will be *, even if the origin of request is null). Should we align with this standard of express? @fengmk2 |
3.4.2 |
@CleberRossi This is a breaking change, I will revert this commit on 3.x and release it in a major version 4.0.0. |
As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs Fix #18
|
Calling all options even if origin header is not present. Fix #18 - Not setting headers on Koa2 / Node 6.2
As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs(Options functions to be called).
I even checked on https://expressjs.com/en/resources/middleware/cors.html and I noticed, so far, that the handlers are called even though the request has no origin, Follow the request:
https://www.rfc-editor.org/rfc/rfc6454#section-7.3
Fixes #18
Checklist