You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 11, 2023. It is now read-only.
It seems GCDWebServer, when configured to use Basic auth, requires the Authorization header on preflight (OPTIONS) requests. However, the spec states that browsers are not to send the Authorization header for preflight, so unfortunately I cannot use both CORS and authorization, as the preflight requests are rejected with 401 Unauthorized.
Refer to the CORS spec where it says preflight requests should "Exclude user credentials".
The text was updated successfully, but these errors were encountered:
It seems GCDWebServer, when configured to use Basic auth, requires the
Authorization
header on preflight (OPTIONS
) requests. However, the spec states that browsers are not to send theAuthorization
header for preflight, so unfortunately I cannot use both CORS and authorization, as the preflight requests are rejected with401 Unauthorized
.Refer to the CORS spec where it says preflight requests should "Exclude user credentials".
The text was updated successfully, but these errors were encountered: