Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating koa/cors to 3.4.2 in order to fix cors filter origin problem #14357 #14552

Merged
merged 1 commit into from
Oct 6, 2022
Merged

Updating koa/cors to 3.4.2 in order to fix cors filter origin problem #14357 #14552

merged 1 commit into from
Oct 6, 2022

Conversation

CleberRossi
Copy link
Contributor

Updating koa/cors to 3.4.2 in order to fix cors filter origin problem #14357

There was a bug that is fixed on koa/cors 3.4.2 version.

Fixes #14357

What does it do?

In order to fix #14357 I had to fix another bug on koa/cors, as my PR was merged -> koajs/cors#87 I'm creating this PR in order to update the lib

Why is it needed?

Koa/cors was not calling origin middleware when the origin header was not present. Hence, even when you set credentials as false, the middleware was not called and people could not get Access-Control-Allow-Origin as '*'.

How to test it?

Set credentials as false on config/middlewares.js, call any API in order to retrive Access-Control-Allow-Origin as '*' as DEFAULT.

{
    name: 'strapi::cors',
    config: {
      credentials: false,
    },
  },

Related issue(s)/PR(s)

Fix #14357

Please, could you add https://hacktoberfest.com/ label?

@CleberRossi
Updating koa/cors to 3.4.2 in order to fix cors filter origin problem s…
89813f8 
…trapi#14357

There was a bug that is fixed on koa/cors 3.4.2 version.
@CleberRossi
Copy link
Contributor Author

@Convly @derrickmehaffy If you guys could help, please ? :) Letting you know because this fix a severity: medium issue. #14357

@codecov
Copy link

codecov bot commented Oct 6, 2022
edited

Codecov Report

Base: 58.71% // Head: 58.71% // No change to project coverage 👍

Coverage data is based on head (89813f8) compared to base (3ddf162).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #14552   +/-   ##
=======================================
  Coverage   58.71%   58.71%           
=======================================
  Files        1321     1321           
  Lines       31976    31976           
  Branches     5954     5954           
=======================================
  Hits        18775    18775           
  Misses      11341    11341           
  Partials     1860     1860
Flag Coverage Δ
front 62.41% <ø> (ø)
unit 50.21% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@Convly Convly added source: core:strapi Source is core/strapi package pr: chore This PR contains chore tasks (cleanups, configs, tooling...) hacktoberfest-accepted PR is accepted and counts towards hacktoberfest labels Oct 6, 2022
@Convly Convly added this to the 4.4.4 milestone Oct 6, 2022
@Convly Convly self-requested a review October 6, 2022 07:37
Convly
Convly approved these changes Oct 6, 2022
View reviewed changes
Copy link
Member

@Convly Convly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works fine. Thanks for the contribution 🎉

@Convly Convly merged commit b307308 into strapi:main Oct 6, 2022
@Convly Convly mentioned this pull request Oct 19, 2022
Closed
@strapi-bot
Copy link

This pull request has been mentioned on Strapi Community Forum. There might be relevant details there:

https://forum.strapi.io/t/cors-changed-in-4-22-0-my-cors-settings-no-longer-work-but-origin-does/37240/3

@zirho zirho mentioned this pull request Apr 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Convly Convly Convly approved these changes

Assignees
No one assigned
Labels
hacktoberfest-accepted PR is accepted and counts towards hacktoberfest pr: chore This PR contains chore tasks (cleanups, configs, tooling...) source: core:strapi Source is core/strapi package
Projects
None yet
Milestone
4.4.4
Development

Successfully merging this pull request may close these issues.

No CORS Headers
3 participants
@CleberRossi @strapi-bot @Convly