When introducing CORS for the nio http server transport, an issue was raised by @tvernum with our current CORS logic. Currently we set the "access-control-allow-origin" response header to the request "origin" header if the host is the same. This is based on our expectation that this is the same origin.
However, in the CORS sense, an origin is (scheme, host, port). So this logic does not make sense. Additionally, it is not clear if we need to check if the origin is the same, as that would not be a cross-origin resource sharing request.
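
The gap between a host-only comparison and a comparison of the full (scheme, host, port) tuple, as an added example that is not the project's code or part of the original issue. The class and method names, the sample headers, and the assumption that the server knows which scheme the request arrived over are all hypothetical.

```java
import java.net.URI;

public class OriginTupleDemo {
    // Host-only comparison, sketching the behaviour the issue describes (not the project's code).
    static boolean hostOnlyMatch(String originHeader, String hostHeader) {
        try {
            String originHost = URI.create(originHeader).getHost();
            String requestHost = URI.create("http://" + hostHeader).getHost();
            return originHost != null && originHost.equalsIgnoreCase(requestHost);
        } catch (IllegalArgumentException e) {
            return false; // unparsable header: treat as no match
        }
    }

    // Comparison of the full origin tuple (scheme, host, port), with default ports filled in.
    static boolean sameOrigin(String originHeader, String requestScheme, String hostHeader) {
        try {
            URI origin = URI.create(originHeader);
            URI target = URI.create(requestScheme + "://" + hostHeader);
            if (origin.getScheme() == null || origin.getHost() == null || target.getHost() == null) {
                return false; // covers "Origin: null" and headers without a usable host
            }
            return origin.getScheme().equalsIgnoreCase(target.getScheme())
                && origin.getHost().equalsIgnoreCase(target.getHost())
                && effectivePort(origin) == effectivePort(target);
        } catch (IllegalArgumentException e) {
            return false; // unparsable header: fail closed
        }
    }

    // URI.getPort() returns -1 when the port is omitted; map that to the scheme default.
    static int effectivePort(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    public static void main(String[] args) {
        // Constructed samples: {Origin header, scheme the request arrived over, Host header}
        String[][] samples = {
            {"http://es.example:9200",    "http", "es.example:9200"}, // identical tuple
            {"http://es.example:8080",    "http", "es.example:9200"}, // same host, different port
            {"https://es.example:9200",   "http", "es.example:9200"}, // same host, different scheme
            {"http://other.example:9200", "http", "es.example:9200"}, // different host
        };
        for (String[] s : samples) {
            System.out.printf("Origin=%-27s Host=%-16s hostOnly=%-5b tuple=%b%n",
                s[0], s[2], hostOnlyMatch(s[0], s[2]), sameOrigin(s[0], s[1], s[2]));
        }
    }
}
```

The second and third samples are the ones where the two checks disagree: a page served from another port or scheme on the same host passes the host-only test even though it is a different origin.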