Open sthulb opened 4 days ago
Issue number: #4589
Ensures CORS behaviour is correct.
Please provide a summary of what's being changed
CORSConfig
Origin
ACA-Origin
*
ACA-Credentials
allowed_origins
The disabling of Access-Control-Allow-Credentials to prevent server-side credentials being returned to non-named origins.
Access-Control-Allow-Credentials
Please share what the user experience looks like before and after this change
If your change doesn't seem to apply, please leave them unchecked.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.
Issues 0 New issues 0 Accepted issues
Measures 0 Security Hotspots 0.0% Coverage on New Code 0.0% Duplication on New Code
See analysis details on SonarCloud
Issue number: #4589
Summary
Ensures CORS behaviour is correct.
Changes
CORSConfig
Origin
header asACA-Origin
regardless*
, disablesACA-Credentials
CORSConfig
hasallowed_origins
Origin
header asACA-Origin
regardlessACA-Origin
CORSConfig
is set with domains and*
inallowed_origins
Origin
header asACA-Origin
regardless*
and disablesACA-Credentials
The disabling of
Access-Control-Allow-Credentials
to prevent server-side credentials being returned to non-named origins.User experience
Checklist
If your change doesn't seem to apply, please leave them unchecked.
Is this a breaking change?
**RFC issue number**: Checklist: * [ ] Migration process documented * [ ] Implement warnings (if it can live side by side)Acknowledgment
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.