You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Determining if a request is cross-origin is currently implemented by checking the hostname of the current page and the remote URL. This is not in accordance with the specification, where the origin is considered to be scheme + domain + port. In addition, the check currently allows subdomains - which is also not in accordance with it.
To Reproduce
Steps to reproduce the behavior:
Do a request from http://localhost:1234 to http://localhost:9876
Request should have triggered cross-origin behavior (port differs), but currently does not
Do a request from http://some.host to http://sub.some.host
Request should have triggered cross-origin behavior (hostname differs), but currently does not
Expected behavior
Should follow browser behavior for cross-origin requests
The text was updated successfully, but these errors were encountered:
Describe the bug
Determining if a request is cross-origin is currently implemented by checking the
hostname
of the current page and the remote URL. This is not in accordance with the specification, where the origin is considered to be scheme + domain + port. In addition, the check currently allows subdomains - which is also not in accordance with it.To Reproduce
Steps to reproduce the behavior:
http://localhost:1234
tohttp://localhost:9876
http://some.host
tohttp://sub.some.host
Expected behavior
Should follow browser behavior for cross-origin requests
The text was updated successfully, but these errors were encountered: