Working with the CORS plugin has proven quite hard in my testing experience.
Installing it immediately makes all requests fail, including just simple GET requests that don't have an "Origin" header.
This is very anti-ergonomic. We should only block requests that might be using CORS, and use an InterceptorConfig to relax the protection of specific handlers.
The default behavior of the plugin should be to make an application that doesn't make use of CORS behave exactly as before, but reject all CORS requests.
Then users could relax the behavior on specific endpoints.
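The default proposed above, sketched as plain `net/http` middleware. This is an added example, not the plugin's code or its `InterceptorConfig` API; `corsPolicy`, `guard`, `status`, `demo` and the example origins are hypothetical names, and preflight handling is left out to keep the focus on the `Origin` check.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// corsPolicy is a hypothetical per-handler relaxation (stand-in for a handler-specific config).
type corsPolicy struct{ allowedOrigins map[string]bool }

// guard passes requests without an Origin header through untouched and rejects
// requests that carry one unless this handler's policy allows that origin.
func guard(h http.Handler, p *corsPolicy) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		if origin == "" {
			h.ServeHTTP(w, r) // not a CORS request: behave exactly as before
			return
		}
		if p == nil || !p.allowedOrigins[origin] {
			http.Error(w, "cross-origin request rejected", http.StatusForbidden)
			return
		}
		w.Header().Set("Access-Control-Allow-Origin", origin)
		w.Header().Add("Vary", "Origin") // response depends on the Origin header
		h.ServeHTTP(w, r)
	})
}

// status sends one constructed GET through handler and returns the response code.
func status(handler http.Handler, origin string) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	handler.ServeHTTP(rec, req)
	return rec.Code
}

// demo returns the codes for: strict handler without and with Origin, then a
// relaxed handler with an allowed and a non-allowed origin.
func demo() [4]int {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") })
	strict := guard(app, nil)
	relaxed := guard(app, &corsPolicy{allowedOrigins: map[string]bool{"https://partner.example": true}})
	return [4]int{status(strict, ""), status(strict, "https://partner.example"),
		status(relaxed, "https://partner.example"), status(relaxed, "https://other.example")}
}

func main() { fmt.Println(demo()) }
```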