Closed cjnqt closed 8 years ago
@cjnqt yes this is the current behavior. The previous version of crumb did allow both same-origin and CORS on the same route. The workaround would be to have a route for the presumably server rendered site and then a separate route for api access using CORS. You can use the same handler in multiple routes.
@hueniverse this is the scenario I was trying unsuccessfully to explain and what the extra logic was in the previous version before switching to using request.info.cors.isOriginMatch
. Is there a way to reliably qualify same-origin requests in Hapi?
Well, the previous code just didn't work. I am pretty sure that extra logic was working only in the tests. Why not simply configure the same origin in the allowed cors origins?
I think adding the domain to cors allowed origins is definitely an adequate solution. @cjnqt can you please confirm if that works for you? On Mar 3, 2016 5:16 PM, "Eran Hammer" notifications@github.com wrote:
Well, the previous code just didn't work. I am pretty sure that extra logic was working only in the tests. Why not simply configure the same origin in the allowed cors origins?
— Reply to this email directly or view it on GitHub https://github.com/hapijs/crumb/issues/71#issuecomment-191991198.
Confirmed!
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.
I have a server set up at
http://somedomain.com
. I have enabled cors on a specific route:Ajax-requests from
http://otherdomain.com:3000
works fine and Crumb generates a token as expected.But if I do an ajax-request from
http://somedomain.com
(the same domain the server is running on) to this route, Crumb doesn't generate a token.It seems like enabling cors implies that only cross-domain requests are allowed? Is this correct?