CORS only for OPTIONS?
by Juraci Paixão Kröhling
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello,
I've noticed that KC sets the CORS headers only during pre-flight
request, not on the regular requests. While this is in accordance with
the documentation, I'm wondering if there's a reason for not sending
the CORS headers for non-OPTIONS headers as well. As it currently is,
I'd have to implement the CORS response filter in my application
anyway, so, I'm wondering in which scenarios I'd delegate this to KC.
By the way, it seems that setting "enable-cors" to false has no
effect, as the headers are still being added by KC.
Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBCgAGBQJTPFlTAAoJEDnJtskdmzLMWsMIAJ8vUxOUz+XKJQqQD5TceG40
d0A0TZC4zuypgezorGASvL7mSb7NbElytI07zXfH1fD/kNwCZn3wO1oyXNjGA+BY
TzVB+jfViDpEYNYqtlL93WlkcqS+uaAmrBL0ag1N6L1OHWlN7QnYhxIZckSgTW99
t0P3U02Qr0dnmKuS8JzeKemKKC8rF3uR0cIBRi7+s3gsBUXDWmL9fYAvzcSLcX5h
mA4Qn7eGCW6T5bSE6HzTzCtSxFbpkuSRQwXb77+n4HnZ2RHMGdeDLcMcObEIr2RF
63w2XafaJ2/p9yVRL55gwuyQH198p8dzpvBfvxO5sGMreTCeWt2nDfnBrjBNxek=
=DfVk
-----END PGP SIGNATURE-----