fix(cors) send '*' in ACAO when 'conf.origins' is empty #2518
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This fixes a regression introduced in 0.10.1, where the migration would set the new `conf.origins` field to an empty table, but the code would only set ACAO to `*` if the table was `nil`, and not empty. We are reluctant to update the migration due to the immutable nature that they should carry (in order to avoid divergence between users who already ran them, and users who will run it after this patch), so this changes the business logic to be more robust instead, which we probably want anyways. This regression was documented post-release, in #2517.
|
@p0pr0ck5 Mind taking a look at this? Thanks! |
p0pr0ck5
reviewed
May 12, 2017
| @@ -138,6 +151,28 @@ describe("Plugin: cors (access)", function() | |||
| assert.is_nil(res.headers["Access-Control-Max-Age"]) | |||
| end) | |||
|
|
|||
| it("gives * wildcard when origins is empty", function() | |||
| -- this test covers a regression introduced in 0.10.1, where | |||
There was a problem hiding this comment.
+1 thank you for this comment!
p0pr0ck5
approved these changes
May 12, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This fixes a regression introduced in 0.10.1, where the migration would
set the new
conf.originsfield to an empty table, but the code wouldonly set
*if the table wasnil, and not empty.We are reluctant to update the migration due to the immutable nature
that they should carry (in order to avoid divergence between users who
already ran them, and users who will run it after this patch), so this
changes the business logic to be more robust instead, which we probably
want anyways.
This regression was documented post-release, in #2517.
Full changelog
config.originsin the CORS ACAO business logicRelates to #2517