The access-control-allow-origin value was being sourced from the referrer, which resulted in a trailing / and caused CORS pre-flight requests to fail.
This change sources the allowed origin from origin header, ensures it's the same for cors responses pre and post the pre-flight request, and adds the access-control-allow-credentials header.
The
access-control-allow-originvalue was being sourced from the referrer, which resulted in a trailing/and caused CORS pre-flight requests to fail.This change sources the allowed origin from
originheader, ensures it's the same for cors responses pre and post the pre-flight request, and adds theaccess-control-allow-credentialsheader.See also https://github.com/pact-foundation/pact-js/issues/943.