Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS Headers #2733

Closed
diegossilveira opened this issue Aug 24, 2015 · 3 comments
Closed

CORS Headers #2733

diegossilveira opened this issue Aug 24, 2015 · 3 comments
Assignees
Labels
Milestone

Comments

@diegossilveira
Copy link

@diegossilveira diegossilveira commented Aug 24, 2015

When trying CORS support on Hapi, I came accross an implementation question. I supposed additionalExposedHeaders with override set to false works exposing extra headers, merging headers manually set. But it not works that way. The following code illustrates that:

var Hapi = require('hapi');

var server = new Hapi.Server();
server.connection({ port: 3001 });

server.route({
  method: 'GET',
  path: '/',
  handler: function (request, reply) {
    var response = reply('Hello, world!')
    response.header('access-control-expose-headers', 'x-custom-header');
    response.header('x-request-id', '12345');
    response.header('x-custom-header', '12345');
  },
  config: {
    cors: {
      override: false,
      additionalExposedHeaders: ['x-request-id']
    }
  }
});

server.start(function () {
  console.log('Server running at:', server.info.uri);
});

Shouldn't it return an access-control-expose-headers with both values x-custom-header and x-request-id? Sometimes the handler function sets an access-control-expose-headers dynamically and is desirable that additionalExposedHeaders values are still set.

I think the following algorithm is suitable when the override flag is set to false:

Is access-control-expose-headers is already set?

  • YES merge values from additionalExposedHeaders
  • NO set header with additionalExposedHeaders value
@nlf
Copy link
Member

@nlf nlf commented Aug 24, 2015

in my mind override: false means absolutely do not change the header, what you're describing could potentially be a new merge option or something though?

@diegossilveira
Copy link
Author

@diegossilveira diegossilveira commented Aug 25, 2015

@nlf You are right. I think a new merge option would solve that. I just think it could get a little bit confusing when override is used with merge.

override: true and merge: true | false -> Merge gets ignored, since override is set?

@hueniverse hueniverse self-assigned this Oct 2, 2015
@hueniverse hueniverse added this to the 10.2.0 milestone Oct 2, 2015
@hueniverse hueniverse closed this in c34a556 Oct 2, 2015
@Marsup Marsup added feature and removed request labels Sep 20, 2019
@lock
Copy link

@lock lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants