Same origin CORS logic does not consider scheme or port #30988

Open
@Tim-Brooks

When introducing CORS for the nio http server transport, an issue was raised by @tvernum with our current CORS logic. Currently we set the "access-control-allow-origin" response header to the request "origin" header if the host is the same. This is based on our expectation that this is the same origin.

However, in the CORS sense, an origin is (scheme, host, port). So this logic does not make sense. Additionally, it is not clear if we need to check if the origin is the same as that would not be a cross-origin resource sharing request.
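
The difference between the host-only check described above and a comparison on the full (scheme, host, port) tuple, as an added example that is not Elasticsearch's code. The class and method names are hypothetical, the header values are constructed, and the sketch assumes the server knows the scheme the request arrived on.

```java
import java.net.URI;
import java.util.Locale;

public class OriginCompare {

    /** Host-only comparison: the behaviour the issue describes. */
    static boolean sameHostOnly(String originHeader, String hostHeader) {
        String originHost = URI.create(originHeader).getHost();
        String requestHost = URI.create("http://" + hostHeader).getHost();
        return originHost != null && originHost.equalsIgnoreCase(requestHost);
    }

    /** Comparison on the full (scheme, host, port) tuple. */
    static boolean sameOrigin(String originHeader, String requestScheme, String hostHeader) {
        URI origin = URI.create(originHeader);
        URI request = URI.create(requestScheme + "://" + hostHeader);
        if (origin.getScheme() == null || origin.getHost() == null || request.getHost() == null) {
            return false; // e.g. "Origin: null", which has no scheme or host
        }
        return origin.getScheme().equalsIgnoreCase(request.getScheme())
            && origin.getHost().equalsIgnoreCase(request.getHost())
            && effectivePort(origin) == effectivePort(request);
    }

    /** An absent port means the scheme's default port. */
    static int effectivePort(URI uri) {
        if (uri.getPort() != -1) return uri.getPort();
        switch (uri.getScheme().toLowerCase(Locale.ROOT)) {
            case "http": return 80;
            case "https": return 443;
            default: return -1;
        }
    }

    public static void main(String[] args) {
        // Constructed cases: Origin header, request scheme, Host header.
        String[][] cases = {
            {"https://es.example.test:9200", "https", "es.example.test:9200"}, // identical origin
            {"http://es.example.test:9200", "https", "es.example.test:9200"},  // scheme differs
            {"https://es.example.test:8443", "https", "es.example.test:9200"}, // port differs
            {"https://es.example.test", "https", "es.example.test:443"},       // default port
            {"null", "https", "es.example.test:9200"},                         // opaque origin
        };
        for (String[] c : cases) {
            System.out.printf("%-30s vs %s://%-22s hostOnly=%b tuple=%b%n",
                c[0], c[1], c[2], sameHostOnly(c[0], c[2]), sameOrigin(c[0], c[1], c[2]));
        }
    }
}
```

The second and third cases are the ones where the two checks disagree: the host matches, but the scheme or port does not.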
