Open achingbrain opened 2 months ago
I would say also, the GET test expects the following headers to be present in the response:
Of these only Access-Control-Allow-Origin
is valid in the response to a CORS request, the others are for a CORS-preflight request (e.g. OPTIONS
, not GET
) so I don't think this test is valid. Ref - https://fetch.spec.whatwg.org/#http-responses
Is it just asserting on the behaviour of the go-HTTP server? There's no mention of CORS in any of the HTTP Gateway specs so it's unclear what's intended to happen here.
There's a test:
It makes a GET request to
"/ipfs/{{CID}}/"
and expectsAccess-Control-Allow-Origin
etc in the response.The test sends:
The fetch spec says:
There is no
Origin
header in the request, so this is not a CORS request.Why does the test expect CORS headers in the response?