Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#63 into [email protected] ☄ rework not cors middleware, add case for request with credentials #64

Open
wants to merge 1 commit into
base: [email protected]
Choose a base branch
from
Open

#63 into [email protected] ☄ rework not cors middleware, add case for request with credentials #64

wants to merge 1 commit into from

Conversation

debabin
Copy link
Member

@debabin debabin commented May 24, 2023

No description provided.

@debabin debabin self-assigned this May 24, 2023
@debabin debabin added the bug Something isn't working label May 24, 2023
@debabin debabin linked an issue May 24, 2023 that may be closed by this pull request
noCors middleware does not work if send cookies from other origin #63
Open
RiceWithMeat
RiceWithMeat reviewed May 24, 2023
View reviewed changes
index.js
@@ -0,0 +1,78 @@
const { startMockServer } = require('./dist');
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

удаляем файл

MiaInturi
MiaInturi requested changes Jun 30, 2024
View reviewed changes
src/core/middlewares/noCorsMiddleware/noCorsMiddleware.ts
Comment on lines +10 to +11
const allowedHeaders = Object.keys(request.headers).join(', ');
const exposedHeaders = Object.keys(request.headers).join(', ');
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. exposed-headers это хэдеры ответа, так что брать их из запроса нет смысла. Думаю просто не имеет смысла сетить exposed-headers если пользователь явно их не задал через конфиг.
  2. allowed-headers можно вычислять только внути условия isPreflightRequest и брать из заголовка access-control-request-headers (как собственно и allow-methods)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ну и оба эти пункта должны относиться и к corsMiddleware ИМХО

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RiceWithMeat RiceWithMeat RiceWithMeat left review comments

@MiaInturi MiaInturi MiaInturi requested changes

@kvelian kvelian Awaiting requested review from kvelian

Assignees

@debabin debabin

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

noCors middleware does not work if send cookies from other origin
3 participants
@debabin @MiaInturi @RiceWithMeat