Message7532
> An open question is what to return if an origin check fails in preflight or in cors.
> * return some 400 value
> * remove Access-Control-Allow-Origin header with no other change. This will fail a
> prefetch and prevent the data returned from being accessible to JavaScript IIUC.
i would vote for 403 (maybe 404 to not reveal too much)
and btw: how is the status now with the support for preflight requests ?
what can i do ? - the patch you provided in an earlier post was rejected
by you ... is there anything i can test or help ?
regards,
marcus. |
|
Date |
User |
Action |
Args |
2022-05-17 10:55:25 | marcus.priesch | set | recipients:
+ marcus.priesch, schlatterbeck, rouilj |
2022-05-17 10:55:25 | marcus.priesch | link | issue2551203 messages |
2022-05-17 10:55:25 | marcus.priesch | create | |
|