Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update CORS to respond with specific origin #5601

Closed
wants to merge 1 commit into from

Conversation

Projects
None yet
5 participants
@calvinfo
Copy link

calvinfo commented Mar 28, 2014

When put behind basic auth, CORS requests don't allow the use of
a wildcard ("*") for Access-Control-Allow-Origin:

http://www.w3.org/TR/cors/#resource-requests

We ran into this while having nginx with basic auth proxy to our es
node. It should effectively be the same as what is there for CORS
requests, but respond with the origin. Happy to update for any
changes neccessary.

Update CORS to respond with specific origin
When put behind basic auth, CORS requests don't allow the use of
a wildcard ("*") for Access-Control-Allow-Origin:

http://www.w3.org/TR/cors/#resource-requests

This commit fixes that and responds directly with the requested
origin.
@jeromeross

This comment has been minimized.

Copy link

jeromeross commented Apr 2, 2014

came here to submit this exact issue :)
applied your patch and works seamlessly! 👍
thank you.

@kimchy, would you review this please?

@FestivalBobcats

This comment has been minimized.

Copy link

FestivalBobcats commented Apr 4, 2014

Was just about to make this pull request myself as well. This is the only way to have CORS with HTTP Basic authentication (without using a proxy).

A big +1 from the Qbox.io team.

@kimchy

This comment has been minimized.

Copy link
Member

kimchy commented Jun 24, 2014

we will review it, we are thinking about how to better handle CORS on a more broader sense, which will also do this, right @spinscale?

@calvinfo

This comment has been minimized.

Copy link
Author

calvinfo commented Jun 24, 2014

Yeah, either way--I'm not too attached to the PR, so feel free to close!

@spinscale

This comment has been minimized.

Copy link
Member

spinscale commented Jun 25, 2014

Hey there, I am going to supercede this one with a new PR for properly supporting CORS very soon also adding some more features.

@calvinfo calvinfo closed this Jun 25, 2014

spinscale added a commit to spinscale/elasticsearch that referenced this pull request Jul 25, 2014

CORS: Support regular expressions for origin to match against
This commit adds regular expression support for the allow-origin
header depending on the value of the request `Origin` header.

The existing HttpRequestBuilder is also extended to support the
OPTIONS HTTP method.

Relates elastic#5601
Closes elastic#6891

spinscale added a commit that referenced this pull request Jul 25, 2014

CORS: Support regular expressions for origin to match against
This commit adds regular expression support for the allow-origin
header depending on the value of the request `Origin` header.

The existing HttpRequestBuilder is also extended to support the
OPTIONS HTTP method.

Relates #5601
Closes #6891

@jasontedor jasontedor referenced this pull request Jun 19, 2018

Closed

Upgrade to Gradle 4.8 and enable JDK 11 in CI #31230

8 of 10 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.