Skip to content

/ webtorrent

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access-Control-Allow-Methods should be GET,HEAD #1267

Closed
feross opened this issue Jan 18, 2018 · 3 comments
Closed

Access-Control-Allow-Methods should be GET,HEAD #1267

feross opened this issue Jan 18, 2018 · 3 comments

Comments

@feross
Copy link
Member

@feross feross commented Jan 18, 2018
edited

In the webtorrent server, the Access-Control-Allow-Methods header should not set it's value to GET,HEAD,PUT,PATCH,POST,DELETE since only GET,HEAD are actually handled. Any other request type is rejected by the server with an "invalid method" error.

Let's pare down the list for defense-in-depth reasons. No reason to let cross-origin domains even send these requests in the first place.

@diracdeltas
@diracdeltas

This comment has been minimized.

Sign in to view
Copy link
Contributor

@diracdeltas diracdeltas commented Jan 18, 2018

++
@stale

This comment has been minimized.

Sign in to view
Copy link

@stale stale bot commented May 9, 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
@stale stale bot added the stale label May 9, 2018
feross added a commit that referenced this issue May 10, 2018
@feross
Access-Control-Allow-Methods are GET,HEAD
Loading status checks…
8c8613d 
Fixes: #1267
@feross feross mentioned this issue May 10, 2018
Merged
@feross

This comment has been minimized.

Sign in to view
Copy link
Member Author

@feross feross commented May 10, 2018

Just sent a PR for this: #1383
@stale stale bot removed the stale label May 10, 2018
@lock lock bot locked as resolved and limited conversation to collaborators Aug 8, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@feross @diracdeltas
You can’t perform that action at this time.