koa
koa copied to clipboard
koajs
req.origin should display the `origin` header if it exists, not the current hostname
https://github.com/koajs/koa/blob/aaac09af1a6aa02161fead1422fac460fbdcce3e/lib/request.js#L95
what do you all think? this would be a breaking change
I think this would be a good change, request.origin isn't used by us for this reason. I think most plugins/users behind a proxy in need of origin get it via request.get anyway. E.g. https://github.com/koajs/cors/blob/master/index.js#L46
If this is done (thus semver-major bump), maybe consider other #904, and dropping https://github.com/koajs/koa/blob/master/lib/application.js#L107?
@jonathanong if you'd like to proceed with a new version, maybe create a v3 milestone as "todos"?
edit oh, the milestone already existed!
What's the expected behaviour here?
if header.origin:
return header.origin
else
return this.protocol + this.host // current behaviour
Don't agree with return header.origin when exist, else return protocol + host, For header.origin is mostly used for CORS. I think should return header.origindirectly.
origin should reflect exactly-and-only what exists in the request. Special casing the behavior will be confusing and unexpected, especially when proxies/load balancers/VPNs start getting involved.
Yeah, it was very confusing to me, had to fallback to request.get('origin')
So let me try to understand that. If I want to compose links in my response, that the client can directly follow I have to use the origin header? Is it always guaranteed to be set?
why i use baseURl 127.0.0.1:port/xxxxxxxx in ssr get data, get hostname is { localhost: port } just equal the url ..........
Don't agree with return
header.originwhen exist, else returnprotocol + host, Forheader.originis mostly used for CORS. I think should returnheader.origindirectly.
I agree. origin just should indicate where a fetch originates from. Not the host to which the request is being sent.
