Skip to content

Simplify Whitelisted Headers#8

Open
rymndhng wants to merge 1 commit intomasterfrom
kaizen-improvements
Open

Simplify Whitelisted Headers#8
rymndhng wants to merge 1 commit intomasterfrom
kaizen-improvements

Conversation

@rymndhng
Copy link
Copy Markdown
Contributor

@rymndhng rymndhng commented Mar 5, 2016

Refactor simple-headers-wo-content-type to access-control-request-headers-whitelist.

The whitelist behaves differently by set/difference-ing
access-control-request-headers instead of set/union the
access-control-allowed-headers. This way, we do not put unnecessary
headers in the response access-control-allowed-headers.

From testing, the only required header in the whitelist is
"Origin". Safari always sends this in "Access-Control-Request-Headers"
during pre-flight, whereas the Firefox and Chrome do not.

@rymndhng rymndhng force-pushed the kaizen-improvements branch from 57c0426 to 709cfd1 Compare March 5, 2016 07:57
Simplify Whitelisted Headers
5bb23ff 
Refactor simple-headers-wo-content-type to access-control-request-headers-whitelist.

The whitelist behaves differently by `set/difference`-ing
`access-control-request-headers` instead of `set/union` the
`access-control-allowed-headers`. This way, we do not put unnecessary
headers in the response `access-control-allowed-headers`.

From testing, the only required header in the whitelist is
"Origin". Safari always sends this in "Access-Control-Request-Headers"
during pre-flight, whereas the Firefox and Chrome do not.
@rymndhng rymndhng force-pushed the kaizen-improvements branch from 709cfd1 to 5bb23ff Compare March 5, 2016 07:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rymndhng