search

elm / http

Make HTTP requests in Elm
https://package.elm-lang.org/packages/elm/http/latest
BSD 3-Clause "New" or "Revised" License
155 stars 46 forks source link

Origin instead of Host #48

Closed gdamjan closed 5 years ago

gdamjan commented 5 years ago

the invoking page is sent in the Origin header with CORS requests

evancz commented 5 years ago

Can you share some documentation about this? Maybe there is a link on MDN or something? Or maybe there is some code snippet I can run in a couple browsers first? Makes sense, but I want to verify anyway!

gdamjan commented 5 years ago

Sure. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Host The Host header, you can see it in any request your browser sends, and is always the server (virtual host) you connect to.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin The Origin header, is sent in so called CORS requests (Cross-Origin-Resource-Sharing) - ie. requests from one domain to another, something that is by default forbidden by the same origin policy.

Perhaps the best explanation is here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS which also links to a site with demos http://arunranga.com/examples/access-control/

evancz commented 5 years ago

Thanks for the additional resources. I misunderstood what Host was for it seems!