You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 22, 2022. It is now read-only.
As noted in #184 it's not intuitive that auth needs to be explicitly "bypassed" in logic for OPTIONS requests (at least for CORS). This should be documented and ideally sample code provided to make this obvious and easy.
The text was updated successfully, but these errors were encountered:
Is it possible to make the cors-machine bypass the auth?. The way it stands is there is two ways I see this being used.
The client is actually trying to do an OPTIONS call, eg to find out if it can say access the resource, I can see authorization being useful here
The client is checking CORS, auth is never allowed here.
To me these are two completely different actions (despite both occuring due to an OPTIONS request).
I don't know enough about CORS to know if the cors machine can correctly detect it is a cors request,
but how I imagine the flow would be
request -> is cors check? -> yes -> cors sections run, skips rest of machine and responds
request -> is cors check?-> no -> run freyahttpmachine as normal
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
As noted in #184 it's not intuitive that auth needs to be explicitly "bypassed" in logic for OPTIONS requests (at least for CORS). This should be documented and ideally sample code provided to make this obvious and easy.
The text was updated successfully, but these errors were encountered: