jjkoh95
commented
1 year ago Can I take a look at this? Thanks
Open Meppo opened 1 year ago
jjkoh95
commented
1 year ago Can I take a look at this? Thanks
zcong1993
commented
1 year ago IMO it is dangerous to set back the request origin as default behaviour of allow all domains, and other frameworks don't do it either.
When withCredentials is set to true, it is trying to send credentials or cookies along with the request. As that means another origin is potentially trying to do authenticated requests, the wildcard ("*") is not permitted as the "Access-Control-Allow-Origin" header.
https://stackoverflow.com/questions/42803394/cors-credentials-mode-is-include
mahfoos
commented
9 months ago Hi, Can i take look in this Thanks
majjikishore007
commented
8 months ago Hi is this issue still open
yanzhuiyun
commented
7 months ago Please assign the issue to me and I will try to solve it
saleroa
commented
6 days ago it looks intertsting , please assign me !
Issues-translate-bot
commented
6 days ago Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑🤝🧑👫🧑🏿🤝🧑🏻👩🏾🤝👨🏿👬🏿
it looks intertsting , please assign me !
go-zero v1.5.1
rest.withCors 返回的 Access-Control-Allow-Origin:* 现在浏览器都不认这个了
rest.WithCustomCors() 也只能用来固定返回哪几个Origin
建议直接支持 设置 Access-Control-Allow-Origin: 原请求中的Origin