Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow token-authenticated requests cross-origin by default #2920

Merged
merged 2 commits into from Oct 20, 2017

Conversation

@minrk
Copy link
Member

@minrk minrk commented Oct 10, 2017

we already apply this logic in our server-side checks, but browsers check Access-Control-Allow-Origin headers themselves as well, meaning that token-authenticated requests can’t be made cross-origin without CORS headers from browsers, only scripts.

This makes default browser and server-side origin checks consistent

includes #2919 to avoid merge conflicts

we already apply this logic in our server-side checks,
but browsers check `Access-Control-Allow-Origin` headers themselves as well,
meaning that token-authenticated requests can’t be made cross-origin without CORS headers from browsers,
only scripts.

This makes default browser and server-side origin checks consistent
@minrk minrk force-pushed the allow-origin-token branch from 014316c to 9acf6a8 Oct 11, 2017
@minrk
Copy link
Member Author

@minrk minrk commented Oct 11, 2017

My conflict-avoidance strategy was not successful, apparently. Rebased.

Loading

@takluyver
Copy link
Member

@takluyver takluyver commented Oct 11, 2017

I'm never entirely sure about these CORS issues, but I think I understand the basic idea, and I'm happy to trust the two of you. Do you want anyone else to review it? Do you want it in for 5.2?

Loading

@takluyver takluyver added this to the 5.3 milestone Oct 20, 2017
@takluyver takluyver merged commit 55aa80e into jupyter:master Oct 20, 2017
4 checks passed
Loading
@gnestor
Copy link
Contributor

@gnestor gnestor commented Oct 26, 2017

We're going to try to release 5.2.1. Should this be included?

Loading

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants