Automatically set changeOrigin: true for non-local verifications
#319
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… verification When the provider verification process is run against a remote provider, the origin header can mismatch the actual remote proxied process. This PR defaults to change the origin of the host header to the target URL, unless specifically overridden by the user. This should remove a class of confusing issues for new users. See #280, #281 and #282 for background. This specific issue has come up on Slack a number of times, and hence fixing before it appears as a GH issue.
1 similar comment
|
@mefellows good idea on this change, do you want me to test it out at all on one of my projects ? |
|
Thanks @YOU54F, if you wouldn't mind that would be great! I need to update tests etc. here before releasing. |
This was referenced Jul 29, 2019
|
@mefellows This change looks good to me - should we merge it? |
|
Yep, if you're free and in the head space - go for it. I was waiting for
feedback, but is yet to arrive.
…On Thu, Sep 12, 2019 at 2:51 PM Timothy Jones ***@***.***> wrote:
@mefellows <https://github.com/mefellows> This change looks good to me -
should we merge it?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#319?email_source=notifications&email_token=AAANFDABOWK7SXBDEBDFLXTQJHDDTA5CNFSM4H3DL5U2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD6QUTDQ#issuecomment-530663822>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAANFDFLNED2TEZDTEJEHODQJHDDTANCNFSM4H3DL5UQ>
.
--
Matt Fellows
www.onegeek.com.au
calendly.com/mfellows
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the provider verification process is run against a remote provider, the origin
header can mismatch the actual remote proxied API.
This PR defaults to change the origin of the host header to the target URL in this case only, unless
specifically overridden by the user. This should remove a class of confusing issues
for new users.
See #280, #281 and #282 for background. This specific issue has come up on Slack
a number of times, and hence fixing before it appears as a GH issue.