aws-lambda-api-event-utils icon indicating copy to clipboard operation
aws-lambda-api-event-utils copied to clipboard
verified publisher icon benkehoe

Add support for Vary: Origin for CORS?

Open benkehoe opened this issue 3 years ago • 2 comments

I don't fully understand it, but it may be useful to support it. https://textslashplain.com/2018/08/02/cors-and-vary/

benkehoe avatar Jan 19 '22 16:01 benkehoe

The mozilla page about cors states:

If the server specifies a single origin (that may dynamically change based on the requesting origin as part of an allowlist) rather than the "*" wildcard, then the server should also include Origin in the Vary response header to indicate to clients that server responses will differ based on the value of the Origin request header

If I recall correctly, that's mostly because of Caching reasons: If a resource is used with two different origins and cached by the browser, the browser might use the value of the cached Access-Control-Allow-Origin, which would only allow the first origin.

benbridts avatar Jan 20 '22 10:01 benbridts

Right, but from what I've read, it needs to be put on every request even if those requests are not dynamic on Origin, otherwise caching may happen. So I'm not totally sure how that would fit in (fully-formed responses are not modified by the decorator, and I want to keep it that way). I'm comfortable for now leaving it up to the user.

benkehoe avatar Jan 20 '22 13:01 benkehoe