Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reassess the cors plugin #339

Open
empijei opened this issue Oct 10, 2022 · 1 comment
Open

Reassess the cors plugin #339

empijei opened this issue Oct 10, 2022 · 1 comment

Comments

@empijei
Copy link
Contributor

empijei commented Oct 10, 2022

Working with the CORS plugin has proven quite hard in my testing experience.

Installing it immediately makes all requests fail, including just simple GET requests that don't have an "Origin" header.

This is very anti-ergonomic. We should only block requests that might be using CORS, and use an InterceptorConfig to relax the protection of specific handlers.

The default behavior of the plugin should be to make an application that doesn't make use of CORS behave exactly as before, but reject all CORS requests.

Then users could relax the behavior on specific endpoints.

@empijei empijei changed the title Reassess the cors plugin. Reassess the cors plugin Oct 10, 2022
@jub0bs
Copy link

jub0bs commented Nov 14, 2024

Here is one source of inspiration: https://github.com/jub0bs/cors

@empijei Middleware produced by my library let non-CORS requests through (as it should).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants