You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What I discovered now is if I have not configured cors_plug in my config and removed it from the endpoint.ex the "access-control-allow-origin" header shows me "*".
If I insert the configuration though and restart the server the headers are just missing.
Ok I misunderstood the documentation.
Only if the Origin header matches the actual one configured in cors_plug the correct headers are even set.
I did not find this part in the documentation though. The Origin can be faked so it is not really more or less secure but of course you do not set the headers needlessly which is good.
I have added cors_plug to my deps.
I inserted the following into my dev.exs config:
I also inserted CORSplug into my endpoint.ex like this before the router:
plug CORSPlug
Still my header is empty. What am I doing wrong?
The text was updated successfully, but these errors were encountered: