-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
api: Further improvements to the CORS logic #1001
Conversation
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/livepeer/livepeer-com/BDYJrG6bW3sJ6zYRjebv487x447W [Deployment for 75f4a1a failed] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
75f4a1a
to
fba3394
Compare
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Codecov Report
@@ Coverage Diff @@
## master #1001 +/- ##
===================================================
+ Coverage 49.22405% 49.29884% +0.07479%
===================================================
Files 66 66
Lines 4124 4136 +12
Branches 724 730 +6
===================================================
+ Hits 2030 2039 +9
Misses 1851 1851
- Partials 243 246 +3
Continue to review full report at Codecov.
|
We have to allow all pre-flight because the browser doesn't send the authorization header on OPTIONS. So we have to allow all the pre-flights, but then we don't want to execute the actual requests... So we reached this solution. I cry a little inside, but I already do that everytime I think about CORS.
Also add a little test to check the static rules.
b19c4c4
to
3036664
Compare
What does this pull request do? Explain your changes. (required)
This is a follow up on #985, addressing some additional issues discussed during
the #load-test session today regarding the security of these new changes made
to the CORS handling of the API.
Specific updates (required)
analyzer
(stream health) APIs as well in the future (won't be a drop-in tho, also need theanalyzer
to start forwarding the CORS headers)-
yarn test
(I'll work on adding some unit tests for cors)Does this pull request close any open issues?
Not yet. Fixes some things we talked about in the #load-test.
Screenshots (optional):
Checklist: