-
-
Notifications
You must be signed in to change notification settings - Fork 796
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow for empty corsExposedHeaders #737
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dnalborczyk should we merge?
Thanks @perrin4869 for the PR, it's under consideration! |
@dherault I actually wanted to ask you about this topic. I would need to look into this more deeply, what on that matter, I was wondering what those flags are used for:
I'm wondering if those should be rather removed in a next major release? |
this was undoubtedly something which was not intended and slipped through the cracks with the update to hapi v18. is this what you are talking about?
could you elaborate more with some examples the what it does now (v5), maybe what it did do (v4), and even better, what it should do in your opinion.
same as before, could you also elaborate more with some examples? |
I'm not sure. If you set |
Hm... maybe the discussion regarding CORS in v4 vs v5 should be moved into a separate issue, seeing as this PR is nothing more than a very simple bugfix/feature (just enables you to pass an empty string to |
just trying to understand what their use case is about. I never had the need for those when I used CORS. |
this is not a discussion. to give any valuable feedback on the issue I'd like to understand the full picture, even though it might look like it has nothing to do with your issue in particular . your PR might fix an issue just for your use case with this.options.corsAllowOrigin = this.options.corsAllowOrigin
.replace(/\s/g, '')
.split(',');
this.options.corsAllowHeaders = this.options.corsAllowHeaders
.replace(/\s/g, '')
.split(',');
this.options.corsExposedHeaders = this.options.corsExposedHeaders
.replace(/\s/g, '')
.split(',')
.filter(header => header !== ''); |
826a135
to
d0695ce
Compare
Upgrading from
v4
tov5
broke a lot of my tests regardingcors
due to the upgrade tohapi@18
. For some reason now, there arecorsExposedHeaders
set by default. Maybe an empty string, or empty array should be the default? I don't see whyserverless-offline
should have a an opinion on which headers should be exposed by default.Another problem that I didn't address here is that now, returning
access-control-allow-origin
headers from a lambda gets ignored, and overwritten byhapi
intoaccess-control-allow-origin: event.headers.Origin
, while before the headers returned by the lambda would get respected.