Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only Trigger the middleware on Origin/Host mismatch #15

Open
gbuisson opened this issue Jan 12, 2017 · 1 comment
Open

Only Trigger the middleware on Origin/Host mismatch #15

gbuisson opened this issue Jan 12, 2017 · 1 comment

Comments

@gbuisson
Copy link
Contributor

The current condition for ring-cors to be triggered is only to check the presence of an Origin header on the request.

Some browsers like Chrome always send that header even for same domain origin requests, thus ring-cors is triggered where it shouldn't, leading to unexpected behavior.

I think it would be best to check the presence of Origin as well as a mismatch between Origin and Host instead.
@r0man
Copy link
Owner

r0man commented Jan 12, 2017

@gbuisson Yes, I think that's a valid strategy. Patch welcome! ;)

@gbuisson gbuisson mentioned this issue Jan 12, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

issue 15: compare Host and Origin to check if req is xdomain
2 participants
@r0man @gbuisson