Open chrif opened 4 years ago
Just tagged 2.0 out of master, so yeah there is no way back there, but could do a 1.5.7 with the fix if you can figure out what the problem is. There weren't that many changes in between https://github.com/nelmio/NelmioCorsBundle/compare/1.5.6...master Sorry right now don't have time to investigate further.
Would it be possible to enhance Symfony's Http Cache so it could work together with the allow_origin
policy, so we do not need to set forced_allow_origin_value
?
I'm not sure here if this should be fixed or not https://github.com/nelmio/NelmioCorsBundle/pull/72 is the reason it is always set I believe - but maybe it isn't needed anymore now that we set Vary:Origin on response headers
The response listener for
forced_allow_origin_value
is added before the call tocheckOrigin
. This results in theAccess-Control-Allow-Origin
header being added regardless of theallow_origin
config, which is the opposite of the documented behavior:I need the latest version of Nelmio supporting Symfony 3. I tried to use
dev-master
as it seems fixed there, but it requires Symfony 4. Would a patch for Symfony 3 be possible?In the meantime I'll just extend the listener and check origin there:
Thanks!