Origin request header and Access-Control-Allow-Origin

Open sm2017 opened this issue 6 years ago • 1 comments

According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#Examples

Limiting the possible Access-Control-Allow-Origin values to a set of allowed origins requires code on the server side to check the value of the Origin request header, compare that to a list of allowed origins, and then if the Origin value is in the list, to set the Access-Control-Allow-Origin value to the same value as the Origin value.

But https://github.com/eggjs/egg-cors just sets Access-Control-Allow-Origin and doesn't compare the Origin header.

sm2017 Jun 16 '19 05:06

@sm2017 according to the egg-cors doc, you should introduce and configure egg-security to achieve the requirement. Besides, the origin option supports a function type: https://github.com/koajs/cors/blob/71c4d00b170f52fd1324e9fd028816408867f8a6/index.js#L56

sjy Jul 09 '19 03:07
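
The allow-list comparison quoted from MDN in the issue, written as a function that could be passed as the `origin` option mentioned in the reply. This is an added example, not code from egg-cors or koajs/cors; `makeOriginCheck`, `ALLOWED_ORIGINS` and the example.com origins are hypothetical, and it assumes the option is called with the Koa `ctx` and that an empty return value means no `Access-Control-Allow-Origin` header is set.

```javascript
// Constructed allow-list for illustration; replace with your own origins.
const ALLOWED_ORIGINS = [
  'https://app.example.com',
  'https://admin.example.com',
];

// Build an origin callback that echoes the request's Origin only when it is
// an exact member of the allow-list.
function makeOriginCheck(allowedOrigins) {
  // Normalize configured entries once (scheme://host[:port], no path), so a
  // stray trailing slash in configuration does not silently break matching.
  // new URL() throws on a malformed entry, which surfaces config errors early.
  const allowed = new Set(allowedOrigins.map((o) => new URL(o).origin));

  return function originCheck(ctx) {
    // Koa's ctx.get() returns '' when the header is absent.
    const requestOrigin = ctx.get('Origin');

    // Exact string membership only. Prefix, suffix or loose regex matching
    // would accept look-alike hosts such as https://app.example.com.evil.test,
    // and the literal origin "null" is never in the set.
    if (allowed.has(requestOrigin)) {
      return requestOrigin; // echoed back as Access-Control-Allow-Origin
    }

    // Assumption: a falsy return makes the middleware skip the CORS headers,
    // so the browser blocks the cross-origin read.
    return '';
  };
}

// Assumed wiring in an egg app (config/config.default.js):
//   config.cors = { origin: makeOriginCheck(ALLOWED_ORIGINS) };
```

Because the header value now depends on the request, responses should also carry `Vary: Origin` so shared caches do not serve one origin's response to another.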