When an AJAX call is redirected to another endpoint, the origin is set to the string 'null' instead of the original origin. Servers have to explicitly allow this value and return null in the corresponding cors header.
As we are preparing the authentication flow with OIDC, we will need to allow this origin, at least for authentication routes.
I did not find an easy way to let forest-express handle these cors declarations and only accept this value for routes that needed it. So the simpler solution is to allow null for all routes.
When an AJAX call is redirected to another endpoint, the origin is set to the string
'null'
instead of the original origin. Servers have to explicitly allow this value and returnnull
in the corresponding cors header.As we are preparing the authentication flow with OIDC, we will need to allow this origin, at least for authentication routes.
I did not find an easy way to let
forest-express
handle these cors declarations and only accept this value for routes that needed it. So the simpler solution is to allownull
for all routes.Pull Request checklist: