Add an option to ignore or not the http header "Origin"#165
Conversation
Add an parameter to decide whether or not to keep the header "Origin". If the target server does not support CORS and the request has an "Origin", a failure will happen. When ignore the "Origin" item, everything will be just fine.
|
I wonder if this would break a pre-flight CORS request? I dunno; if I had more evidence this approach is used elsewhere then I might be inclined to include it. I'd be inclined to include a generalized header stripper thing that basically added to hopByHopHeaders (well, not the static one but a new one for the instance of the servlet). Such a generalized mechanism would take a comma delimited list of headers. |
|
In my case, the servlet just works for my own frontend. The site shows many apis by swagger docs. And the requests to the apis will be passed through the servlet. So there may be no needs for pre-flight CORS requests. Anyway, this will do no harm if you just leave the option as it not exists. |
2 participants
Add a parameter to decide whether or not to keep the header "Origin". If the target server does not support CORS(As I have actually met) and the request has an "Origin", a failure will happen.
When ignore the "Origin", everything will be just fine.