Comments (3)
Chrome also sets Origin
and Content-Type
. Content-Type seems to only be a simple header for some values, which is a bit weird, but I think it should be safe to also allow it by default (especially because other browsers don't even list it in the preflight request). Origin is not a simple header according to the spec, but given that it should always be set for a CORS request, it also makes sense to include it in the list of always accepted headers.
from nelmiocorsbundle.
Origin ok, but Content-Type shouldn't be allowed by default I think. Because the spec clearly says it shouldn't be sent unless it's value is different than this and that. So I'd rather not include it, since it's easy to "fix" in your app config.
from nelmiocorsbundle.
Alright, that works for me. Still weird that chrome deems it necessary to send this header.
from nelmiocorsbundle.
Related Issues (20)
- https POST request has blocked by CORS policy HOT 6
- PHP Fatal error HOT 3
- Reflected XSS vulnerability
- 400 Bad request on Preflight (CORS Preflight Did Not Succeed) - Symfony 4 HOT 4
- Symfony 5: 502 Bad Gateway HOT 1
- Allow multiple domains for X-Frame-Options (clickjacking) HOT 1
- NelmioCorsBundle not setting ALLOW_ORIGINS (Heroku Server) HOT 2
- Automatic added Vary-header blocks vary-config from SensioFrameworkExtraBundle-annotation HOT 2
- Symfony 6 compatibility HOT 4
- No 'Access-Control-Allow-Origin' header only for some clients HOT 5
- missing CORS header 'Access-Control-Allow-Origin' Front-End REACT, Back-End Symfony 5 with Api Platform and NelmioCorsBundle HOT 14
- Is this project/repository abandoned? HOT 2
- version 2.3.0 blocks use of psr/log:3.0.0, which the latest version of monolog/monolog requires HOT 2
- POST Request returns 400 with wrong Headers HOT 2
- Symfony 7 support HOT 5
- ERR_ABORTED 500 Response to preflight request doesn't pass access control check: It does not have HTTP ok status HOT 1
- allow_credentials: true is ignored
- Usage of logger within the bundle HOT 2
- How to inject logger into CorsListener?
- Question: multiple allow_origin entries
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nelmiocorsbundle.