Skip to content
This repository has been archived by the owner on Feb 12, 2024. It is now read-only.

fix: reject requests when cors origin list is empty (#3674) #3676

Conversation

achingbrain
Copy link
Member

If CORS origin list is empty, Hapi throws an error as it considers
that to be invalid configuration.

We want to reject requests that send and origin or a referer when
no allowed origins have been configured, so when these headers are
sent, reject the request if no allowed origins are present in the
config.

Co-authored-by: Vasco Santos vasco.santos@moxy.studio
Co-authored-by: Marcin Rataj lidel@lidel.org

achingbrain and others added 2 commits May 7, 2021 12:04
If CORS origin list is empty, Hapi throws an error as it considers
that to be invalid configuration.

We want to reject requests that send and origin or a referer when
no allowed origins have been configured, so when these headers are
sent, reject the request if no allowed origins are present in the
config.

Co-authored-by: Vasco Santos <vasco.santos@moxy.studio>
Co-authored-by: Marcin Rataj <lidel@lidel.org>
@achingbrain achingbrain merged commit 3e67f0a into release/v0.54.x May 7, 2021
@achingbrain achingbrain deleted the fix/backport-reject-requests-when-cors-origin-list-is-empty branch May 7, 2021 14:51
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants