New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request with credentials not working due to Origin: * #8
Comments
Yes, I'll would be glad. |
OK, I'll send a PR shortly. Would you also be open to setting the |
As the project in which we're using this library moves on, we're finding that we need more configuration and flexibility (for now, setting |
No, I'm sorry for that. I really want to keep that package free of configurations. Did you have tried to do that on Barryvdh/LaravelCors or Nordsoftware/LumenCors ? By the way, you are free to rename my package to use on your way and republish that on packagist. You are also free to think a "non-configurable" way to do that things. |
As per https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials "when responding to a credentialed request, server must specify a domain, and cannot use wild carding".
CorsService::getCorsHeaders()
currently has'Access-Control-Allow-Origin' => '*',
. If this where changed to'Access-Control-Allow-Origin' => $request->headers->get('Origin') ?: '*',
then credentialed requests will also work.@vluzrmos is this a change you would be OK with? If so, would you like a pull request?
The text was updated successfully, but these errors were encountered: