access-control-allow-origin does not show in response headers #1
Comments
|
I checked the code and there is no "origin" inside the headers which is used to get the origin here: This is what i see inside the headers of a test request:
Also, it would be nice if |
|
The problem is that CORS headers are only added when the request is allowed. They should probably be present for every request. For development purposes and requests that do not require credentials the following CORS middleware is sufficient. |
|
if you're trying to go "all-the-way" you can do something like this: (def cors-headers
{ "Access-Control-Allow-Origin" "*"
"Access-Control-Allow-Headers" "Content-Type"
"Access-Control-Allow-Methods" "GET,POST,OPTIONS" })
(defn all-cors
"Allow requests from all origins"
[handler]
(fn [request]
(let [response (handler request)]
(update-in response [:headers]
merge cors-headers ))))note that you'll need some way of handling OPTIONS requests. |
|
@bhurlow awesome catch... merging yours with a pre-flight it's even better... https://gist.github.com/leordev/35bee2e7dfde38ced6b1f5236cc45c0d 😆 |
Hello,
I am using compojure and I wanted to allow origin from anywhere for the development process of my app so i added ring-cors like the example shows but if i look at the response headers on my chrome developer tools, i do not see the header set.
Does this middleware still works or is it abandoned?
Thanks for your time
The text was updated successfully, but these errors were encountered: