Closed gernest closed 1 year ago
^ pls open it in Jira too
done
@buger those headers are always added by httpbin
API https://github.com/zeke/httpbin/blob/cc9cc8b2d5275decf1f9b78246c3dc8a78093643/httpbin/core.py#L53
Closing this per explanation above and closure of the internal ticket.
Branch/Environment/Version
Describe the bug
When CORS is configured for an API definition, it isn't applied as it is supposed to.
Reproduction steps
Add this API definition
Notice that we have set
"allow_credentials": false
Actual behavior
Notice we have the header
Access-Control-Allow-Credentials: true
set by the gateway.
Now we send the wrong host
Expected behavior
When
"allow_credentials": false
Tyk should not set the
Access-Control-Allow-Credentials: true
header.
When we send a host that is not allowed, Tyk should not set CORS headers.
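One way to check the expected behavior above and to tell whether an offending header comes from the gateway or from the upstream, which is the distinction the httpbin explanation in the thread turns on. This is an added example, not code from the issue or from the Tyk project; the policy dict shape, the `allowed_origins` key, the function names and the sample headers are assumptions constructed for illustration.

```python
CORS_PREFIX = "access-control-"


def cors_headers(headers):
    """Lower-case header names and keep only Access-Control-* entries."""
    return {k.lower(): v.strip() for k, v in headers.items()
            if k.lower().startswith(CORS_PREFIX)}


def audit(policy, origin, via_gateway, direct_upstream):
    """Compare a response seen through the gateway with the CORS policy.

    Returns (header, problem, source) tuples. source is "upstream" when the
    same header and value also come back from the upstream queried directly,
    otherwise "gateway".
    """
    seen = cors_headers(via_gateway)
    upstream = cors_headers(direct_upstream)
    allowed = policy.get("allowed_origins", [])
    origin_ok = "*" in allowed or origin in allowed
    findings = []
    for name, value in sorted(seen.items()):
        problem = None
        if not origin_ok:
            problem = "CORS header sent for an origin that is not allowed"
        elif (name == "access-control-allow-credentials"
              and value.lower() == "true"
              and not policy.get("allow_credentials", False)):
            problem = "credentials allowed although allow_credentials is false"
        if problem:
            source = "upstream" if upstream.get(name) == value else "gateway"
            findings.append((name, problem, source))
    return findings


def upstream_reply(origin):
    """Constructed sample: an upstream that always adds CORS headers itself."""
    return {"Content-Type": "application/json",
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


# Constructed policy mirroring the issue: credentials disabled, one origin.
POLICY = {"allowed_origins": ["https://app.example.test"],
          "allow_credentials": False}

if __name__ == "__main__":
    for o in ("https://app.example.test", "https://other.example.test"):
        reply = upstream_reply(o)  # gateway passes upstream headers through
        for finding in audit(POLICY, o, reply, reply):
            print(o, finding)
```

Both responses must be captured for the same request and `Origin`: a finding attributed to "upstream" means the header has to be stripped or overridden at the proxy, while "gateway" points at the gateway's own CORS handling.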