ForceCORS
ForceCORS copied to clipboard
chrisdeely
HTTP_ORIGIN wild card
For Access-Control-Allow-Origin
It would be nice to pass the current URL so if the value in the settings was: HTTP_ORIGIN
Then you would replace that with the current url in the header ...
In my nginx.conf file I do this: more_set_headers 'Access-Control-Allow-Origin: $http_origin'; more_set_headers 'Access-Control-Allow-Credentials: true';
that's a great idea! Interested in working on it?
On Thu, Aug 21, 2014 at 3:26 PM, caseman72 [email protected] wrote:
For Access-Control-Allow-Origin
It would be nice to pass the current URL so if the value in the settings was: HTTP_ORIGIN
Then you would replace that with the current url in the header ...
In my nginx.conf file I do this: more_set_headers 'Access-Control-Allow-Origin: $http_origin'; more_set_headers 'Access-Control-Allow-Credentials: true';
— Reply to this email directly or view it on GitHub https://github.com/chrisdeely/ForceCORS/issues/9.
Looking at the code now ... wonder if it would work with my plugin (https://github.com/caseman72/garmin.com.js) as I have to proxy the code through an nginx server to get it to work ... but if I can make Chrome think they have CORS headers then I get get around that
To get it to work - it should be straight forward if/then - just need to get the current URL ... I will fork and test ...
Easiest route is probably to look at the header value in https://github.com/chrisdeely/ForceCORS/blob/master/background.js#L47-L51
If it matches "HTTP_ORIGIN" replace with the current Host value