search

conveyal / analysis-backend

Server component of Conveyal Analysis
http://conveyal.com/analysis
MIT License
23 stars 12 forks source link

Fix CORS requests for Safari/Firefox #232

Closed trevorgerhardt closed 5 years ago

trevorgerhardt commented 5 years ago

Switch from allowing * headers to an explicit list to fix CORS for Safari/Firefox

codecov-io commented 5 years ago

Codecov Report

Merging #232 into dev will not change coverage. The diff coverage is 0%.

Impacted file tree graph

@@            Coverage Diff            @@
##                dev     #232   +/-   ##
=========================================
  Coverage     22.79%   22.79%           
  Complexity      103      103           
=========================================
  Files            63       63           
  Lines          2426     2426           
  Branches        219      219           
=========================================
  Hits            553      553           
  Misses         1838     1838           
  Partials         35       35
Impacted Files Coverage Δ Complexity Δ
...rc/main/java/com/conveyal/taui/AnalysisServer.java 42.7% <0%> (ø) 4 <0> (ø) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 1512d3c...89e17cb. Read the comment docs.

trevorgerhardt commented 5 years ago

Ideally, yes. We would add a configuration option that would set the only allowable origins. "analysis.conveyal.com" for production and "analysis-staging.conveyal.com" for staging. The problem is we wouldn't be able to access it from dev clients or from automatically created Zeit builds.

I'm not entirely sure why the wildcard option works for "Origin" but not "Headers", but it does. I'd say that's the main weirdness here.