New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent adding Link headers for CORS preflight requets #3265
Conversation
I think this approach is risky. During my exploration from many years ago, I came upon this conclusion: nelmio/NelmioCorsBundle#54 (comment) |
Really, |
But is there a better short term solution as NelmioCors won't change soon? It doesn't hurt for these 2 specific headers to not be generated for preflight requests (actually, it will even help reducing servers' load). It's not a general solution, but for Mercure and Hydra it's good enough IMO. |
There are consequences for caching. We must add |
For a short term solution, I'd rather we set the correct values in the |
I don't want to introduce such complexity (a new listener that we'll have to maintain BC for) just to fix this issue with a 3rd party library. And NelmioCors is already returning a different response for Preflight requests and non-preflight requests, so the potential cache issue already exists. My proposal is to:
|
Thanks @dunglas! 🎉 |
Preflight requests cannot be accessed in JS, therefore settings the
Link
headers for Hydra and Mercure is useless for these requests Not setting them prevent the issues with invalid URLs being generated. This an alternative fix to #3262.