Skip to content

CORS headers not sent if Origin is an empty string #517

New issue
New issue
Closed
Closed
CORS headers not sent if Origin is an empty string#517
@michaelbironneau

Description

@michaelbironneau
michaelbironneau
opened on May 20, 2016

According to Mozilla information on CORS it is valid to send a blank "Origin" header. However, the Cors middleware will not send a Access-Control-Allow-Origin header if the "Origin" header in the request is blank (even if allowed origin is "*").

The middleware should check that the "Origin" header is present, but it should not regard requests with blank "Origin" headers as invalid access control requests.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions