Open LouAdrien opened 4 years ago
@LouAdrien Thanks for posting! We'll take a look as soon as possible.
In the mean time, there are a few ways you can help speed things along:
Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.
For help with questions about Sails, click here.
Hey @LouAdrien, appreciate all the info on this. Having the team check it out.
Is this also an issue with non-blueprint routes as well, or only when using blueprints?
.Node version: 11.0.0 Sails version (sails): 1.2.3 ORM hook version (sails-hook-orm): 2.1.1 Sockets hook version (sails-hook-sockets): 2.0.0 Organics hook version (sails-hook-organics): 0.16.1 Grunt hook version (sails-hook-grunt): 4.0.1 Uploads hook version (sails-hook-uploads): not present DB adapter & version (e.g. sails-mysql@5.55.5): sails-mongo@1.0.1 Skipper adapter & version (e.g. skipper-s3@5.55.5): skipper-disk@0.5.12
In the example below, customCORS middleware will not be called on every route, for example if you create a User model, the blueprint GET route will not call customCORS. If I put customCORS first in the order, it will be called. Is that normal behavior? The documentation states the middlewares will ALWAYS be called.
(more readable version here : https://gist.github.com/LouAdrien/b2021f8c990b7ba067979c38e52e9662) `
module.exports.http = {
middleware: { order: [ // Putting custom CORS middleware twice as it seems it sometimes NOT get called, but sometime the cros headers get rewritten in the middle. 'cookieParser', 'session', 'bodyParser', 'compress', 'poweredBy', 'router', 'www', 'favicon', // Putting custom CORS middleware twice as it seems it sometimes NOT get called, but sometime the cros headers get rewritten in the middle. 'customCORS', ],
},
};
`