Andrei Nesterov

My thoughts according that matching function. 1. The user agent may send an origin header with the "null" value. > http://tools.ietf.org/html/rfc6454#section-7.3 > 7.3. User Agent Requirements > Whenever a user...

2 - I've never seen it 1 - Yes, I made it yesterday For that I set up the following: - Web page hosted on "http://localhost:8000" - Server with handler...

Could be our function: ``` erlang -spec match_origin([{binary(), binary(), 0..65535} | reference()] | '*', cowboy_req:req()) -> {ok, binary()} | error. match_origin(AllowedOrigins, #{headers := #{ := HeaderVal}}) -> %% NOTE: we...

Or we could move the matching logic to the `cowlib`. ``` erlang -spec match_origin(Origin, [Origin] | '*') -> boolean() when Origin :: {binary(), binary(), 0..65535} | reference(). match_origin(Val, '*') when...

@essen, what do you think about merging CORS related parsing/producing functions for cowlib?

@essen, what do you also think about putting the `match_origin(Origin, [Origin] | '*') -> boolean()` function into cowlib (perhaps, `check_origin` is a better name)? I could make a PR.

I will write the tests. You're right about maps, it's a better choice. And we need the `binary_join` function at least for exposed headers.

@hachreak, the main conversation is [here](https://github.com/ninenines/cowboy/issues/947).

@hachreak, this PR is currently obsoleted. You can implement the support of CORS in a way described in the last few comments [here](https://github.com/ninenines/cowboy/issues/947), using new functions of cowlib. Will it...

@hachreak, have you seen an [example](https://github.com/ninenines/cowboy/issues/947) here? Is it not clear how you can implement CORS support from that example or you mean an example in the docs?