cors
cors copied to clipboard
koajs
Cross-Origin Resource Sharing(CORS) for koa
Requests are currently going through even if the origin is not allowed.
I don't understand why the latest commit sets the default Access-Control-Allow-Origin to *. This makes no difference to setting it as the request Origin, as both will break the browser's...
The recent breaking change to fix [this advisory](https://github.com/koajs/cors/security/advisories/GHSA-qxrj-hx23-xp82) fixes the scenario where an `origin` is _not_ specified but it _breaks_ the scenario where it is. If an `Origin` is supplied...
Allow not returning any access control headers if the Origin is not allowed to access the resource
## Describe the feature At the moment the library does not allow handling the scenario in which the origin is not allowed to access the resource: it expects `options. origin`...
When using the default options, as the docs describe, without defining an `origin`, the response will set `Access-Control-Allow-Origin` to the request `Origin` header. ``` Enable cors with default options: origin:...
