expede
commented
3 years ago Aaaaaaand please bump the version number before merging
Closed matheus23 closed 3 years ago
expede
commented
3 years ago Aaaaaaand please bump the version number before merging
matheus23
commented
3 years ago Closes #491
This is implementing option 2 from #491
I don't expect this to be merged, this is just me trying to see what this solution looks like.
This gets rid of unexpected CORS errors on the front-end when there's an internal server error. So instead of a CORS error it now looks like this in front-ends:
Another benefit is that anything that's creating a bad request will now also return with CORS headers.
I'm pretty sure having an accept-anything CORS header is fine here, as the response will never reveal any information, only a status code + a "Bad Request" or "Something went wrong" body.