In the case of a non-validated request, the `Access-Control-Allow-Origin` is set to `false`, as mentioned in #124, which is not RFC compliant. Also, the use of `null` is not the best, as said in https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null . It would be better to not return the CORS header in the case of a non-validation. What do you think @mcollina?
RFC: https://tools.ietf.org/html/rfc6454#section-7.1
Let's go with it! PR?
I'll work on it
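The behaviour proposed in this issue, as an added sketch that is not the plugin's code and not part of the thread: when the request origin fails validation, the response carries no `Access-Control-Allow-Origin` header at all instead of `false` or `null`. The names `isOriginAllowed`, `corsHeaders` and `ALLOWED`, and the sample origins, are hypothetical; sending `Vary: Origin` and never echoing the literal origin `null` are assumptions of this sketch.

```javascript
// Added example: hypothetical helpers, not the plugin's implementation.

// Constructed allowlist: one exact origin and one anchored pattern.
// The ^ and $ anchors matter: without them the pattern would also
// match "https://app.example.com.attacker.test".
const ALLOWED = [
  'https://admin.example.com',
  /^https:\/\/[a-z0-9-]+\.example\.com$/
];

// Return true only when the Origin value matches a configured rule.
function isOriginAllowed(origin, allowed) {
  // A missing Origin or the opaque origin "null" is never validated.
  if (typeof origin !== 'string' || origin === '' || origin === 'null') {
    return false;
  }
  return allowed.some((rule) => {
    if (rule instanceof RegExp) {
      rule.lastIndex = 0; // keep /g or /y patterns from carrying state
      return rule.test(origin);
    }
    return rule === origin;
  });
}

// Build the CORS response headers for one request.
function corsHeaders(requestOrigin, allowed) {
  // The response differs per Origin, so shared caches must key on it.
  const headers = { Vary: 'Origin' };
  if (isOriginAllowed(requestOrigin, allowed)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
  }
  // Not validated: the header is omitted, never set to "false" or "null".
  return headers;
}

// Run the decision over constructed sample origins.
function demo() {
  const samples = [
    'https://app.example.com',
    'https://app.example.com.attacker.test',
    'null',
    undefined
  ];
  return samples.map((o) => [String(o), corsHeaders(o, ALLOWED)]);
}
```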