Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"Vary: Origin" not set if Origin is not allowed. #106

Closed
tkopczuk opened this issue Mar 2, 2017 · 0 comments
Closed

"Vary: Origin" not set if Origin is not allowed. #106

tkopczuk opened this issue Mar 2, 2017 · 0 comments
Assignees
Labels

Comments

@tkopczuk
Copy link
Contributor

tkopczuk commented Mar 2, 2017

When using the 'array' or 'regexp' notation of whitelisted origins we don't send 'Vary: Origin' if the passed Origin is not allowed.

This results in failed CORS responses being cached by the downstream cache and subsequently served even for proper request (which would contain Vary: Origin, but downstream won't fetch them, as it has the cached response it's looking for).

This behavior is seen with e.g. Google Cloud cache, with the additional side effect of a failed CORS response overwriting all the previously cached successful responses that contained "Vary: Origin".

#105 PR for your consideration.

@dougwilson dougwilson added the bug label Mar 23, 2017
@dougwilson dougwilson self-assigned this Mar 23, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants