Tabcorp / restify-cors-middleware

CORS middleware with full W3C spec support
108 stars 64 forks source link

Vary: origin should be always set when CORS middleware is enabled #69

Open marcoreni opened 6 years ago

marcoreni commented 6 years ago

Hello,

we're having an issue using Restify + CORS Middleware behind a caching system.

It seems that we're encountering something similar to this: https://stackoverflow.com/a/45081016 . Basically, since the Vary: origin header is set only for CORS requests, the caching system caches a clean request to a resource without the CORS headers (as it should do), but uses this cached response for the CORS request too (therefore causing errors).

We confirmed the issue by forcing a Vary: origin header in all of our responses, but we think that if the CORS middleware is enabled, the Vary header should be always set.

JimPatterson commented 5 years ago

It seems the maintainers have dark. I have forked this repo and included the open PRs and also fixed this issue. See https://www.npmjs.com/package/restify-cors-middleware2 / https://github.com/DatatracCorporation/restify-cors-middleware2 if you need a fix.