Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Calling all options even if origin header is not present. Fix #18 - Not setting headers on Koa2 / Node 6.2 #87

Merged
merged 1 commit into from
Oct 5, 2022
Merged

Calling all options even if origin header is not present. Fix #18 - Not setting headers on Koa2 / Node 6.2 #87

merged 1 commit into from
Oct 5, 2022

Conversation

CleberRossi
Copy link
Contributor

Calling all options even if origin header is not present. Fix #18 - Not setting headers on Koa2 / Node 6.2

As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs(Options functions to be called).

I even checked on https://expressjs.com/en/resources/middleware/cors.html and I noticed, so far, that the handlers are called even though the request has no origin, Follow the request:

https://www.rfc-editor.org/rfc/rfc6454#section-7.3

Whenever a user agent issues an HTTP request from a "privacy-
sensitive" context, the user agent MUST send the value "null" in the
Origin header field.

NOTE: This document does not define the notion of a privacy- sensitive context. Applications that generate HTTP requests can designate contexts as privacy-sensitive to impose restrictions on how user agents generate Origin header fields.

Fixes #18

Checklist

  • I have ensured my pull request is not behind the main or master branch of the original repository.
  • I have rebased all commits where necessary so that reviewing this pull request can be done without having to merge it first.
  • I have written a commit message that passes commitlint linting.
  • I have ensured that my code changes pass linting tests.
  • I have ensured that my code changes pass unit tests.
  • I have described my pull request and the reasons for code changes along with context if necessary.

@CleberRossi
Calling all options even if origin header is not present. Fix koajs#18
838e94a 
…- Not setting headers on Koa2 / Node 6.2

As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs
@CleberRossi
Copy link
Contributor Author

@fengmk2 @ltomes @TyrealHu Hello, If you guys could check this out for me, please. Makin gyou aware because the issue has been open for while.

I intend to fix another problem on Strapi, by resolving this one : strapi/strapi#14357

if you guys can help me, please :)

@CleberRossi CleberRossi mentioned this pull request Oct 4, 2022
Open
@CleberRossi
Copy link
Contributor Author

@dead-horse @ruimarinho Hello, If you guys could check this out for me, please. Makin gyou aware because the issue has been open for while.

I intend to fix another problem on Strapi, by resolving this one : strapi/strapi#14357

if you guys can help me, please :)

@TyrealHu
Copy link
Contributor

TyrealHu commented Oct 5, 2022
edited

I look the cors of express, this module didn't check the requestOrigin(The Access-Control-Allow-Origin will be *, even if the origin of request is null). Should we align with this standard of express? @fengmk2

@fengmk2 fengmk2 added the bug label Oct 5, 2022
@fengmk2 fengmk2 merged commit 2e8da5b into koajs:master Oct 5, 2022
@fengmk2
Copy link
Member

fengmk2 commented Oct 5, 2022

3.4.2

@CleberRossi CleberRossi mentioned this pull request Oct 6, 2022
Merged
@fengmk2
Copy link
Member

fengmk2 commented Oct 8, 2022

@CleberRossi This is a breaking change, I will revert this commit on 3.x and release it in a major version 4.0.0.

@fengmk2 fengmk2 added the major Breaking change label Oct 8, 2022
fengmk2 added a commit that referenced this pull request Oct 8, 2022
@fengmk2
Revert "fix: Calling all options even if origin header is not present (
208b86c 
…#87)"

This reverts commit 2e8da5b.
fengmk2 pushed a commit that referenced this pull request Oct 8, 2022
@CleberRossi @fengmk2
fix: Calling all options even if origin header is not present (#87)
7358ab3 
As Origin header is not set in all fetch. I understand that we need to be able to validade, even if the origin is not present. We are still following https://fetch.spec.whatwg.org/#http-origin but grating headers to be added to response on user needs

Fix #18
@fengmk2
Copy link
Member

fengmk2 commented Oct 8, 2022

  • @koa/cors@4.0.0

@Convly Convly mentioned this pull request Oct 19, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fengmk2 fengmk2 fengmk2 approved these changes

Assignees
No one assigned
Labels
bug major Breaking change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Not setting headers on Koa2 / Node 6.2
3 participants
@CleberRossi @TyrealHu @fengmk2