Skip to content

CORS route-specific override can conflict with connection defaults #2840

New issue
New issue
Closed
Closed
CORS route-specific override can conflict with connection defaults#2840
Assignees
hueniverse
Labels
breaking changesChange that can breaking existing codebugBug or defectsecurityIssue with security impact
Milestone
11.0.0
@hueniverse

Description

@hueniverse
hueniverse
opened on Oct 14, 2015

If the connection has CORS enabled but one route has it off, and the route is not GET, the OPTIONS prefetch request will return the default CORS headers and then the actual request will go through and return no CORS headers. This defeats the purpose of turning CORS on the route.

Also, try to automate Access-Control-Allow-Methods

Metadata

Metadata

Assignees

Labels

breaking changesChange that can breaking existing codebugBug or defectsecurityIssue with security impact

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions