Don't use "null" for `Access-Control-Allow-Origin`

jdesrosiers / sinatra-cors

CORS support for Sinatra applications

26 stars 4 forks source link

Don't use "null" for `Access-Control-Allow-Origin` #2

Closed Akcbryant closed 7 years ago

Akcbryant commented 7 years ago

Should we test that the other headers are not set as well? The spec seemed to just say "don't use null" not necessarily what to use instead?

jdesrosiers commented 7 years ago

Yes, I'd like the behavior to be that no Access-Control headers are returned in this situation even though that isn't explicitly required. We should have tests that show that is the case for both preflight and actual requests.