-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Empty origin header doesn't work #23
Comments
This seems to be due to the lack of an "Origin" header in my According to Mozilla, the "Origin" header can be blank - https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Origin though it appears that's not currently supported as |
The header can be blank, but there is no value in handling a blank origin.
Your browser will always send the Origin header when making a request to
something from a different origin. Tools like curl do not have this
behaviour and your routes will work just fine without the header.
See https://www.w3.org/TR/cors/#resource-processing-model
|
You can test with the following example: #![feature(plugin)]
#![plugin(rocket_codegen)]
extern crate rocket;
extern crate rocket_cors;
use rocket::http::Method;
use rocket_cors::{AllowedOrigins, AllowedHeaders};
#[get("/")]
fn get<'a>() -> &'a str {
"Hello CORS"
}
#[put("/")]
fn put<'a>() -> &'a str {
"Hello CORS"
}
#[post("/")]
fn post<'a>() -> &'a str {
"Hello CORS"
}
#[delete("/")]
fn delete<'a>() -> &'a str {
"Hello CORS"
}
fn main() {
let (allowed_origins, failed_origins) = AllowedOrigins::some(&["http://www.test-cors.org"]);
assert!(failed_origins.is_empty());
// You can also deserialize this
let options = rocket_cors::Cors {
allowed_origins: allowed_origins,
allowed_methods: vec![Method::Get, Method::Put, Method::Post, Method::Delete]
.into_iter()
.map(From::from)
.collect(),
allowed_headers: AllowedHeaders::some(&["Authorization", "Accept"]),
allow_credentials: true,
..Default::default()
};
rocket::ignite()
.mount("/", routes![get, put, post, delete])
.attach(options)
.launch();
} From the
|
@adimarco: I am assuming that you have no further issue with this. Please reopen or raise a new issue if something new arises. |
I got brained by this issue the first time I tried rocket_cors, and adimarco and I probably aren't the only one. Took me quite a lot of googling to find out the missing Handling no/default Origin would be great to make rocket_cors easier to understand, and help them understand they aren't doing anything wrong when they try the crate for the first time. |
Do you mean you would like the crate to inject the CORS response headers even when the browser does not include any CORS related request headers? |
After pulling my hair out a bit trying to get
rocket_cors
working with my existing rocket code, I tried checking out the git repo and runningcargo run --example fairing
and got the same results.No headers are ever added.
curl
output for the fairing example nets me:I'm running the latest nightly rust available from
rustup
:Console output from the running example is:
Am I missing something? This is exactly the same thing that happens when I try to integrate it with my existing rocket app (nothing at all).
The text was updated successfully, but these errors were encountered: