Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use explicit origin when with credentials #1824

Closed
wants to merge 2 commits into from

Conversation

gyusang
Copy link

@gyusang gyusang commented Aug 26, 2022

@Kludex
Copy link
Member

Kludex commented Aug 29, 2022

Can you add a test, please?

@gyusang
Copy link
Author

gyusang commented Aug 29, 2022

Can you add a test, please?

Yes, I have added a test for the added functionality.

@Kludex
Copy link
Member

Kludex commented Sep 2, 2022

I'm not sure about this idea. I don't see any CORS implementation using a custom logic for cookies or authorization headers.

But I do see a different logic when "allow_credentials" is true, that we don't have.

@Kludex
Copy link
Member

Kludex commented Sep 6, 2022

@gyusang I think we still need a bit of discussion around this. I took a bit of time to search around, and I didn't find any implementation that does what we do, nor expand the logic as this PR suggests.

Let's continue this on #1832, please. 🙏

@Kludex Kludex closed this Sep 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

CORSMiddleware does not provide explicit origin although Authorization header is present
2 participants