Alexander Grueneberg
Alexander Grueneberg
It's already fixed, see #59.
Thanks for asking this question: I realized that I don't have any client-side examples. The configuration above will only work if the client sends a "simple" request, i.e., `GET`, `HEAD`,...
What headers are sent in the request? I'm also surprised you're getting an `access-control-allow-headers` header with value `*` with the config above. Is it Chrome?
I see, in that case I would expect Akamai to handle CORS as well. There should be a way to configure those CORS-related headers? I'm wondering if the preflight requests...
I would suggest to temporarily take Akamai out of the equation, find out which CORS headers you need, and then figure out how Akamai is handling CORS. Right now it...
Hi David, thanks for your detailed report! I'm currently busy with moving to a different state, but I will get back to you as soon as I can.
I just had a quick look at the spec and you are right: I must have missed the big fat green **_Note: The string "*" cannot be used for a...
Sorry for getting back to you so late. I don't like either throwing an error or relying on compliance on the browser side (a lesson I've learned in #18). What...
Unfortunately, neither Access-Control-Allow-Headers (for request headers) nor Access-Control-Expose-Headers (for response headers) allow wildcards, let alone regular expressions. I'll look into it, maybe there is another way.
I ran into this as well. Please merge. `xhr.withCredentials` definitely shouldn't be `true` by default.