Comments (4)
Right, it's not too complicated -- my concern is more to do with whether it's the right thing to do from an overall design standpoint. I think the approach you've explained is the right one though.
from shynet.
Yeah, good catch. This is challenging. I'm hesitant about doing some kind of server-side parsing of hostnames, but it seems like the only option.
from shynet.
Alternatively, we can set the Access-Control-Allow-Origin header to always be * and do hostname filtering during the ingress step. The client just won't know its requests are being sent into a black hole. That feels like a regression from a visibility/debugging standpoint, but also feels a bit less hacky than dynamically parsing the requested host and responding accordingly.
from shynet.
You don't really need to do any parsing - it's a simple check if the origin is in the list of allowed origins. Pseudo code:
    if request.headers["Origin"] in allowed_origins:
        response.headers["Access-Control-Allow-Origin"] = request.headers["Origin"]
See the spec: https://fetch.spec.whatwg.org/#http-access-control-allow-origin
The Access-Control-Allow-Origin header is strict enough that it's just a string equality check.
from shynet.
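The allow-list check described in the last comment, written out as an added example (it is not part of the thread and not shynet's own code). The function names, the comma-separated setting format and the sample origins are assumptions made for illustration; the `Vary: Origin` header is included because the response now differs per requesting origin.

```python
# Added example: exact-match CORS allow-list (all names are hypothetical).

def parse_allowed_origins(setting):
    """Split a comma-separated setting (assumed format) into exact origin strings."""
    return frozenset(part.strip() for part in setting.split(",") if part.strip())


def cors_headers(request_headers, allowed_origins):
    """Return the CORS response headers for one request.

    Origin is treated as an opaque string: no URL parsing, no prefix or
    suffix matching, no case folding. Only an exact member of the
    allow-list is echoed back.
    """
    if "*" in allowed_origins:
        return {"Access-Control-Allow-Origin": "*"}
    # The response depends on the request's Origin, so caches must key on it.
    headers = {"Vary": "Origin"}
    # Origin is absent on same-origin GETs and most non-browser clients.
    origin = request_headers.get("Origin")
    if origin is not None and origin in allowed_origins:
        headers["Access-Control-Allow-Origin"] = origin
    return headers


# Constructed sample data, not taken from the thread.
ALLOWED = parse_allowed_origins("https://example.com, https://blog.example.com")
SAMPLE_ORIGINS = [
    "https://example.com",             # listed: echoed back
    "https://blog.example.com",        # listed: echoed back
    "http://example.com",              # scheme differs: no header
    "https://example.com:8443",        # port differs: no header
    "https://example.com.other.test",  # listed origin as a prefix: no header
    "https://Example.com",             # case differs: no header
    "null",                            # opaque origin: no header unless listed
]


def allowed_samples():
    """Return the sample origins that would receive an allow header."""
    return [o for o in SAMPLE_ORIGINS
            if "Access-Control-Allow-Origin" in cors_headers({"Origin": o}, ALLOWED)]


if __name__ == "__main__":
    for sample in SAMPLE_ORIGINS:
        print(sample, "->", cors_headers({"Origin": sample}, ALLOWED))
```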