feat(http): add flag/config to allow CORS requests, close #229 #293
Conversation
you should be able to write a functional test as you would in Go but I believe we don't have a test case available to get you inspired |
|
@Kocal did you get a change to have a look for a test? |
|
@tucksaun not at all, I can try to take a look in the next days |
|
@Kocal I guess we are good, it's not worst than the actual situation :) |
| @@ -212,6 +213,10 @@ func (s *Server) ProxyHandler(w http.ResponseWriter, r *http.Request) { | |||
|
|
|||
| // Handler handles HTTP requests | |||
| func (s *Server) Handler(w http.ResponseWriter, r *http.Request) { | |||
| if s.AllowCORS { | |||
| w.Header().Add("Access-Control-Allow-Origin", "*") | |||
There was a problem hiding this comment.
I'm wondering if we should not add default CORS values (see what Gorillw used to have: https://github.com/gorilla/handlers/blob/546854cf1d61a016260b224e2526a29ff5b5c5ae/cors.go#L28-L32)
There was a problem hiding this comment.
We should also be careful not to override header sent by the upstream app
|
I use What is the use case for this feature? For all application request I'd rather let the application handle the headers. This would be useful only for static files? Though we normally don't load static files over XHR/fetch. I think this should only be added to headers if symfony-cli is serving static file. If servering a request via php, let php handle the headers. |
|
Serving static files is one use case indeed. But you can also imagine running a JS development server alongside the CLI and both can be on different domain/port and this causes issues. But only in dev, so you might not want to (or not allowed to) introduce nelmio cors. |
Hi everyone, this PR is a proposal for #229.
A new flag
--allow-corshas been added toserver:startcommand, and to confighttp.allow_corsin.symfony.local.yaml.When allowing CORS, the header
Access-Control-Allow-Origin: *is added to each response.Is there a way to add automated tests for that?
Thanks!