Skip to content

[Bug]: CORS is broken when GraphQL output cache is enabled (dynamic Access-Control-Allow-Origin header gets cached) #895

New issue
New issue
Closed
#896
Closed
[Bug]: CORS is broken when GraphQL output cache is enabled (dynamic Access-Control-Allow-Origin header gets cached)#895
#896
Assignees
mcop1
Labels
BugPimcore:ToDo
Milestone
1.8.3
@gajdusek

Description

@gajdusek
gajdusek
opened on Oct 17, 2024

Expected behavior

The Access-Control-Allow-Origin header should be dynamically set based on the incoming request's origin, even when serving a cached response.

Actual behavior

The Access-Control-Allow-Origin header is cached, which results in incorrect CORS headers being returned when serving responses from the cache.

Steps to reproduce

  1. Enable GraphQL output caching.
  2. Make a request to the GraphQL endpoint from one origin (e.g., Origin: https://example.com).
  3. Make another request from a different origin (e.g., Origin: https://another.com) and observe that the Access-Control-Allow-Origin header remains the same as the first request.

Metadata

Metadata

Assignees

Labels

BugPimcore:ToDo

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions