New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Generate cors headers without wildcards #717

Merged
merged 1 commit into from Aug 9, 2016

Conversation

Projects
None yet
2 participants
@matteosuppo
Copy link
Contributor

matteosuppo commented Aug 9, 2016

The header Access-Control-Allow-Origin doesn't accept
wildcards such as *.example.com. Therefore after the
origin has been checked as valid, the header should
contain the origin without wildcards.

For example if we got an origin such as test.example.com
and we accept origins matching *.example.com, the resulting
header will be: Access-Control-Allow-Origin: test.example.com

Fix #711

Signed-off-by: Matteo Suppo matteo.suppo@gmail.com

Generate cors headers without wildcards
The header Access-Control-Allow-Origin doesn't accept
wildcards such as *.example.com. Therefore after the
origin has been checked as valid, the header should
contain the origin without wildcards.

For example if we got an origin such as test.example.com
and we accept origins matching *.example.com, the resulting
header will be: Access-Control-Allow-Origin: test.example.com

Signed-off-by: Matteo Suppo <matteo.suppo@gmail.com>
@raphael

This comment has been minimized.

Copy link
Member

raphael commented Aug 9, 2016

This is great! thank you.

@raphael raphael merged commit 2a6e833 into goadesign:master Aug 9, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@matteosuppo matteosuppo deleted the matteosuppo:fix_cors_711 branch Aug 9, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment