You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If an error occurs (e.g. Bad Request) while using the CORS middleware, CORS headers previously set via the middleware get overwritten in sendErrorMessagein the following lines
CORS headers should only be added by the middleware,
if the middleware is not used, CORS headers should not be set at all.
Setup
OS: Fedora 32
browser: Chrome 85
engine.io version: 4.0.0
Other information (e.g. stacktraces, related issues, suggestions how to fix)
I'm not sure if the CORS headers are overwritten in the code for any particular reason, I would personally remove them (can make a PR).
If error responses have separate fixed CORS header settings for a reason, I would like to comment the function to make it clear this is not just legacy CORS code.
The text was updated successfully, but these errors were encountered:
The Access-Control-Allow-xxx headers added by the cors middleware were
overwritten when sending an error response.
Those lines should have been removed in [1].
[1]: 61b9492
Related: #605
You want to:
Current behaviour
If an error occurs (e.g. Bad Request) while using the CORS middleware, CORS headers previously set via the middleware get overwritten in
sendErrorMessage
in the following linesSteps to reproduce (if the current behaviour is a bug)
Expected behaviour
CORS headers should only be added by the middleware,
if the middleware is not used, CORS headers should not be set at all.
Setup
Other information (e.g. stacktraces, related issues, suggestions how to fix)
I'm not sure if the CORS headers are overwritten in the code for any particular reason, I would personally remove them (can make a PR).
If error responses have separate fixed CORS header settings for a reason, I would like to comment the function to make it clear this is not just legacy CORS code.
The text was updated successfully, but these errors were encountered: