Option to set Timing-Allow-Origin
#102
Comments
|
Hi @dcherman Inever heard of that header before, that was a good learning about! Sorry your issue sat here for a while; I'm recently looking after this module so trying to go through everything. That being said, I think that it is out of scope for this module, since it does not fall into the realm of http://www.w3.org/TR/cors/ and there are probably use-cases where someone would want them configured independently. But there is a easy implementation for your desired state: var cors = require('cors')
var onHeaders = require('on-headers')
// ... all your stuff
app.use(function (req, res, next) {
onHeaders(res, function () {
var allowOrigin = res.getHeader('Access-Control-Allow-Origin')
if (allowOrigin) {
res.setHeader('Timing-Allow-Origin', allowOrigin)
}
})
next()
})
app.use(cors())I hope this helps! |
|
@dougwilson at the time that you wrote your response over six years ago, In 2019, it was added to the standard (whatwg/fetch#955) and it is currently included in the living CORS standard. Is it worth revisiting the decision not to add support for |
|
Hi @jmpage yea, it is part of the fetch spec, but still outside of the CORS part of the spec. You can find the CORS part only in section 3.2 of fetch you linked. That entire spec is all of fetch, with CORS on the server side, what this module is, only being section 3.2 . |
|
Got it and great point, thank you for your feedback, Doug! |
In order to allow the resource timing API to work correctly, the
Timing-Allow-Originmust be set to allow certain portions of the resource timing API to be used.Can we add an option to allow this header to be set, matching the value reflected for the
Access-Control-Allow-Originheader?The text was updated successfully, but these errors were encountered: