CORS headers evolved to a point where * wildcards are no longer compatible with all domains / variants.
Instead, CORS headers usually must explicitly list all headers etc. which are used in later requests.
Acceptance criteria:

- Check which headers are currently being used.
- Write an integration test, which collects all header types being received/sent, and compares them against a list of white listed headers.
- Make sure that all actively used headers are defined in CORS header responses.
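A sketch of the comparison step such an integration test could use, added here as an illustration and not taken from the project's code. It covers request headers only; the function names and the sample requests are constructed assumptions, and the input is taken to be the headers the client code sets explicitly, together with whether the request is sent with credentials.

```javascript
// Request headers that never need listing in Access-Control-Allow-Headers
// (CORS-safelisted; Content-Type only for the three "simple" media types).
// Range is left out on purpose so the check stays conservative.
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SIMPLE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);

// Parse a comma-separated header value into a lowercase set of tokens.
function parseList(value) {
  return new Set((value || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean));
}

// True when the header must be named in the preflight response.
function needsListing(name, value) {
  if (!SAFELISTED.has(name)) return true;
  if (name !== 'content-type') return false;
  const mime = String(value).split(';')[0].trim().toLowerCase();
  return !SIMPLE_CONTENT_TYPES.has(mime);
}

// Returns the sorted header names used by the client but not covered by the
// given Access-Control-Allow-Headers value.
function uncoveredHeaders(observedRequests, allowHeadersValue) {
  const allowed = parseList(allowHeadersValue);
  const missing = new Set();
  for (const req of observedRequests) {
    for (const [rawName, value] of Object.entries(req.headers)) {
      const name = rawName.toLowerCase();
      if (!needsListing(name, value) || allowed.has(name)) continue;
      // "*" is a wildcard only for requests without credentials,
      // and it never covers Authorization.
      const wildcardOk = allowed.has('*') && !req.credentials && name !== 'authorization';
      if (!wildcardOk) missing.add(name);
    }
  }
  return [...missing].sort();
}

// Constructed sample of requests collected during a test run.
const SAMPLE_REQUESTS = [
  { url: '/api/items', credentials: true,
    headers: { Authorization: 'Bearer <token>', 'Content-Type': 'application/json', Accept: 'application/json' } },
  { url: '/api/upload', credentials: false,
    headers: { 'X-Request-Id': 'abc', 'Content-Type': 'text/plain' } },
];

console.log(uncoveredHeaders(SAMPLE_REQUESTS, '*'));
```

A test would fail whenever `uncoveredHeaders` returns a non-empty list for the `Access-Control-Allow-Headers` value the server actually sends on its preflight response.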