Consider adding Vary header

spatie / laravel-cors

Send CORS headers in a Laravel application

https://spatie.be/en/opensource/laravel

MIT License

603 stars 59 forks source link

Consider adding Vary header #73

Closed ifduyue closed 4 years ago

ifduyue commented 4 years ago

From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin#CORS_and_caching:

If the server sends a response with an Access-Control-Allow-Origin value that is an explicit origin (rather than the "*" wildcard), then the response should also include a Vary response header with the value Origin — to indicate to browsers that server responses can differ based on the value of the Origin request header.

Is this necessary?

ifduyue commented 4 years ago

This can be easily achieved by subclassing Spatie\Cors\CorsProfile\DefaultProfile