Closed michielbdejong closed 5 years ago
I think we had an issue open for this - for a public resource, or rather, when a resource is accessed without a bearer token, the origin header should not be a reason to deny access.
Currently seeing:
curl http://michiel2.localhost:8080/profile/card -i
=> 200
But:
curl http://michiel2.localhost:8080/profile/card -H 'Origin: http://localhost:3000' -i
=> 401
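
The behaviour requested in the issue above, as an added sketch that is not part of the original report or of the server's own code: the Origin header is consulted only when a bearer token is present. The function name, the trusted-origin list, the token set and the 403 for a credentialed request from an untrusted origin are all assumptions made for illustration.

```javascript
// Added illustration; every name and value here is hypothetical/constructed.
const TRUSTED_ORIGINS = new Set(['http://michiel2.localhost:8080']); // constructed
const VALID_TOKENS = new Set(['constructed-demo-token']);            // constructed

// resource: { publicRead: boolean }
// headers:  lower-cased header map, the shape Node's http module provides
// returns:  the HTTP status the server would answer with
function authorize(resource, headers) {
  const match = /^Bearer\s+(\S+)$/i.exec(headers['authorization'] || '');

  if (!match) {
    // Anonymous request: only the resource's public ACL decides.
    // Origin is ignored on this path. A non-browser client can simply
    // omit the header, so denying on it protects nothing and only
    // breaks cross-origin reads of public data.
    return resource.publicRead ? 200 : 401;
  }

  // Credentialed request: reject unknown tokens first.
  if (!VALID_TOKENS.has(match[1])) {
    return 401;
  }

  // Assumption: with a valid token, a browser app is acting for the user,
  // so this is the place where an Origin restriction is meaningful.
  const origin = headers['origin'];
  if (origin !== undefined && !TRUSTED_ORIGINS.has(origin)) {
    return 403;
  }
  return 200;
}

// The two requests from the report, against a public profile document.
const card = { publicRead: true };
console.log(authorize(card, {}));                                  // no Origin
console.log(authorize(card, { origin: 'http://localhost:3000' })); // with Origin
```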