Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS Header empty #81

Closed
sebastiangrebe opened this issue Jan 4, 2021 · 2 comments
Closed

CORS Header empty #81

sebastiangrebe opened this issue Jan 4, 2021 · 2 comments

Comments

@sebastiangrebe
Copy link

sebastiangrebe commented Jan 4, 2021

I have added cors_plug to my deps.

I inserted the following into my dev.exs config:

config :cors_plug, origin: ["http://localhost:3000"]

I also inserted CORSplug into my endpoint.ex like this before the router:
plug CORSPlug

Still my header is empty. What am I doing wrong?

@sebastiangrebe
Copy link
Author

sebastiangrebe commented Jan 5, 2021

What I discovered now is if I have not configured cors_plug in my config and removed it from the endpoint.ex the "access-control-allow-origin" header shows me "*".
If I insert the configuration though and restart the server the headers are just missing.

@sebastiangrebe
Copy link
Author

Ok I misunderstood the documentation.
Only if the Origin header matches the actual one configured in cors_plug the correct headers are even set.

I did not find this part in the documentation though. The Origin can be faked so it is not really more or less secure but of course you do not set the headers needlessly which is good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant