akka-http-cors icon indicating copy to clipboard operation
akka-http-cors copied to clipboard

Published 20 hours ago verified publisher icon lomigmegard

When allowed origins are configured, it blocks even same origin requests

Open haneul opened this issue 5 years ago • 2 comments

Hello! I'm trying to use your library to apply cors in akka-http.

When I configured with cors(settings) { route } and settings includes allowedOrigins, it seems that the requests from the same origin also be blocked with invalidOrigin rejection. Is there a good way to filter that out?

haneul avatar Oct 18 '19 04:10 haneul

Hi!

Could you provide an example request/response and the full settings you are using?

akka-http is not aware of its "same" origin and treat it as any other origin.

lomigmegard avatar Nov 05 '19 18:11 lomigmegard

so let's say we run the akka server on https://10.0.1.1

and have allowed origin with https://10.0.1.2 then when you access https://10.0.1.1 and it makes XHR to the its own APIs, it was rejected from akka-cors as you mentioned that it's not aware of its same origin, which seemed weird to me.

haneul avatar Nov 18 '19 19:11 haneul