Open julik opened 2 years ago
cyu
commented
1 year ago @julik I'll be honest, I'm not sure what's happening that's preventing the headers from being provided. If you can provide an working example, I'll take a look, fix if I can or document if a fix isn't possible.
julik
commented
1 year ago The issue here is that of something that Rack::CORS wraps does a raise, the middleware has no control over the Origin header. This means that the response generated by the "error page" application or middleware, whatever it may be, will not contain headers generated by Rack::CORS. I don't think it is possible to resolve, because you can't include the Origin header in the exception - this is not supported by Rack. Hope I am explaining it right?..
When an exception gets raised Rack::Cors won't add headers anymore, which leads to the browser not even loading the response. This honors an explanation, as it will likely occur with Rack apps where no default error handler page / middleware is configured.