Closed zishon closed 1 year ago
This is working as expected, since curl
does not send an origin
header in the request by default no access-control-allow-origin
is sent back. From MDN:
Only a single origin can be specified. If the server supports clients from multiple origins, it must return the origin for the specific client making the request.
If you use curl -i -X OPTIONS -H "origin: http://api.example.com:3000" http://127.0.0.1:3000/aaa
you should see the CORS header being returned.
Bug Report
Version
tower-http: 0.4.3
Platform
win10-64bit pro
Crates
axum 0.6.19 http 0.2.9
Description
AllowOrigin::list does not function as expected
I tried this code:
I expected to see this happen: when I curl as :curl -X OPTIONS http://127.0.0.1:3000/aaa -vvv, expected there is an response header: access-control-allow-origin: http://127.0.0.1:3000
Instead, this happened: but if I use AllowOrigin::list(),then I see no access-control-allow-origin response header.