CORS + Cookies flags #790
Closed
CORS + Cookies flags #790
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #790 +/- ##
==========================================
- Coverage 62.65% 62.63% -0.03%
==========================================
Files 199 199
Lines 18196 18210 +14
==========================================
+ Hits 11401 11405 +4
- Misses 5713 5724 +11
+ Partials 1082 1081 -1 ☔ View full report in Codecov by Sentry. |
cmd/thor/flags.go
Outdated
| @@ -69,6 +69,14 @@ var ( | |||
| Value: 1000, | |||
| Usage: "limit the number of logs returned by /logs API", | |||
| } | |||
| apiAllowedCredsFlag = cli.BoolFlag{ | |||
There was a problem hiding this comment.
can we add these flags to readme with some kind of description / example please ? 😄
* simplify to one flag * readme --------- Co-authored-by: otherview <[email protected]>
|
Now that google scraps their plan to block 3rd party cookies, perhaps it's a good idea to explore this implementation further? |
|
This pull request has been marked as stale due to inactivity. It will be closed if no further activity occurs. Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This is a tentative fix for https://github.com/vechain/b3tr/issues/1123#issuecomment-2219331553
Issue:
Link with more info here
The standard suggestion fix seems to be :
If, instead, you need to adjust the server's behavior, you'll need to change the value of Access-Control-Allow-Origin to grant access to the origin from which the client is loaded.
This PR adds the following flags:
api-allowed-credsandapi-allowed-originsthat used together changes the response headers so that it's ok to use Cookies and CORS.api-allowed-credssets theAccess-Control-Allow-Credentialsheader to true.api-allowed-originssets the Access-Control-Allow-Origin to be set as the Origin request.Example:
Before
Request{ Type:GET, To:www.yahoo.com, Header{'Origin:www.google.com', 'Access-Control-Allow-Credentials: true'}}Response{ Type:GET, To:www.yahoo.com, Header{Access-Control-Allow-Origin:"*"}}- which failsWith flags enabled
Request{ Type:GET, To:www.yahoo.com, Header{'Origin:www.google.com', 'Access-Control-Allow-Credentials: true'}}Response{ Type:GET, To:www.yahoo.com, Header{Access-Control-Allow-Origin:"www.google.com", 'Access-Control-Allow-Credentials: true'}}- which is okFixes # (issue)
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Checklist: