Closed Toflar closed 5 years ago
Thanks
I'm late here, but isn't it a fix which can also replace the need for forced_allow_origin_value
configuration parameter?
if the cache now changes, depending on the Origin
header, then I think I don't need the forced_allow_origin_value
anymore 🤷♂
this was something i've noted in this PR: https://github.com/nelmio/NelmioCorsBundle/pull/72
Note: As @Seldaek said, we could also set a Vary: Origin header to workaround the cache issues instead of merging this PR (if the cache system supports it).
anyway, I'll try to remove it in one of our project in production to see if it's still useful for us, if it's not, maybe we could consider removing this extra parameter from this bundle (or at least starting to deprecate it for a while and see if people open some issues about it before effectively removing it)
Hey Jordi 😄
Just had an issue where my browser cache went crazy because the response of my API was still in the cache even though I developed locally. This is due to the missing
Vary
header on theOrigin
header.More on that: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#CORS_and_caching