You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the origin value is a list of urls, it uses the header value from the request, finds the origin from the list and sets the header to be exactly one URL matching the request origin. If the origin is not defined in the list, the header should be omitted.
Steps To Reproduce
Send a pre-flight request with Origin: https://example.com
Respond from a worker with CORS origins set to ["https://example.com", "https://lwn.net"]
Witness a CORS error in the browser
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
What version of
workers-rsare you using?0.1.0
What version of
wranglerare you using?3.34.2
Describe the bug
When setting multiple origins to the CORS configuration:
And then sending a pre-flight request with
Originset ashttps://example.com, the response header is set like this:This will lead to a CORS error, because the header must be a single origin, not multiple. How tower-http does this is defined here:
https://github.com/tower-rs/tower-http/blob/main/tower-http/src/cors/allow_origin.rs#L124
If the origin value is a list of urls, it uses the header value from the request, finds the origin from the list and sets the header to be exactly one URL matching the request origin. If the origin is not defined in the list, the header should be omitted.
Steps To Reproduce
Origin: https://example.com["https://example.com", "https://lwn.net"]The text was updated successfully, but these errors were encountered: