Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update CORS to respond with specific origin #5601

Closed
wants to merge 1 commit into from
Closed

Update CORS to respond with specific origin #5601

wants to merge 1 commit into from

Conversation

calvinfo
Copy link

When put behind basic auth, CORS requests don't allow the use of
a wildcard ("*") for Access-Control-Allow-Origin:

http://www.w3.org/TR/cors/#resource-requests

We ran into this while having nginx with basic auth proxy to our es
node. It should effectively be the same as what is there for CORS
requests, but respond with the origin. Happy to update for any
changes neccessary.

@calvinfo
Update CORS to respond with specific origin
9675992 
When put behind basic auth, CORS requests don't allow the use of
a wildcard ("*") for Access-Control-Allow-Origin:

http://www.w3.org/TR/cors/#resource-requests

This commit fixes that and responds directly with the requested
origin.
@jeromeross
Copy link

came here to submit this exact issue :)
applied your patch and works seamlessly! 👍
thank you.

@kimchy, would you review this please?

@FestivalBobcats
Copy link

Was just about to make this pull request myself as well. This is the only way to have CORS with HTTP Basic authentication (without using a proxy).

A big +1 from the Qbox.io team.

@kimchy
Copy link
Member

kimchy commented Jun 24, 2014

we will review it, we are thinking about how to better handle CORS on a more broader sense, which will also do this, right @spinscale?

@calvinfo
Copy link
Author

Yeah, either way--I'm not too attached to the PR, so feel free to close!

@spinscale
Copy link
Contributor

Hey there, I am going to supercede this one with a new PR for properly supporting CORS very soon also adding some more features.

@calvinfo calvinfo closed this Jun 25, 2014
@spinscale spinscale mentioned this pull request Jul 18, 2014
Merged
spinscale added a commit to spinscale/elasticsearch that referenced this pull request Jul 25, 2014
@spinscale
CORS: Support regular expressions for origin to match against
a1e335b 
This commit adds regular expression support for the allow-origin
header depending on the value of the request `Origin` header.

The existing HttpRequestBuilder is also extended to support the
OPTIONS HTTP method.

Relates elastic#5601
Closes elastic#6891
spinscale added a commit that referenced this pull request Jul 25, 2014
@spinscale
CORS: Support regular expressions for origin to match against
284da7a 
This commit adds regular expression support for the allow-origin
header depending on the value of the request `Origin` header.

The existing HttpRequestBuilder is also extended to support the
OPTIONS HTTP method.

Relates #5601
Closes #6891
@jasontedor jasontedor mentioned this pull request Jun 19, 2018
Closed
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@calvinfo @jeromeross @FestivalBobcats @kimchy @spinscale