Resolve issue #118 CORS issues in IE and Edge #119
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Firesphere
commented
Sep 14, 2017
|
|
||
| /** | ||
| * IE and Edge are a bit weird, so we check CORS headers differently on the same domain | ||
| * despite CORS being enabled. This checks if our IE exception plays nice |
There was a problem hiding this comment.
It's the Edge exception, not IE
| @@ -1634,6 +1634,21 @@ Once you have enabled CORS you can then control four new headers in the HTTP Res | |||
| Max-Age: 600 | |||
| ``` | |||
|
|
|||
| 5. **CORS exception for Internet Explorer and Edge** | |||
|
|
|||
| IE 11 and Edge fix. When CORS is enabled but we are on the same domain, | |||
There was a problem hiding this comment.
Needs an update as this is a copy-paste from the inline comment
|
Closing, as this #132 fixes the same issue Please re-open if I'm mistaken :) |
unclecheese
pushed a commit
to unclecheese/silverstripe-graphql
that referenced
this pull request
Jan 27, 2021
Fix remove JS env check, so debugging is possible without watching admin
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull involves a work-around for IE and Edge browsers not being able to send CORS headers when the root domain is the same, despite CORS headers being required.
It's falling back to referer. This is a security risk, but less of a security risk than simply allowing all when there is a CORS requirement.
This resolves issue #118 which contains more information on how and what this PR resolves.