-
Notifications
You must be signed in to change notification settings - Fork 179
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove hardcoded CORS headers #59
Comments
I am not sure if its worth to be covered with tests |
Thanks for raising the issue. I think you're right that this should be moved out, however ideally without breaking things for other users who might be relying on that header. I will have a think and see if there's a nice way to achieve this. |
A few suggestions came into my mind if you are interested:
|
Sorry for leaving this so long! Custom headers are now supported by the server. It should be possible to remove the header by: s := sse.New()
delete(s.Headers, "Access-Control-Allow-Origin") or by
This should preserve backwards compatibility for users who are relying on that header being present. |
This is not a bug, but more like an enhancement.
Current CORS headers returned by http handler enforce "allow all" and there is no easy way to change that (except for writing a custom middleware which will wrap response with our custom one, which will discard those headers).
IMHO CORS is not part of SSE response and should be handled elsewhere - i.e. in middlewares.
This is probably a breaking change, as some clients might already expect those headers to be sent.
The text was updated successfully, but these errors were encountered: