The current condition for ring-cors to be triggered is only to check the presence of an Origin header on the request.
Some browsers like Chrome always send that header even for same domain origin requests, thus ring-cors is triggered where it shouldn't, leading to unexpected behavior.
I think it would be best to check the presence of Origin as well as a mismatch between Origin and Host instead.
The current condition for ring-cors to be triggered is only to check the presence of an
Origin
header on the request.Some browsers like Chrome always send that header even for same domain origin requests, thus ring-cors is triggered where it shouldn't, leading to unexpected behavior.
I think it would be best to check the presence of
Origin
as well as a mismatch betweenOrigin
andHost
instead.