Refactor CORS handler (#28587)
The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098
This commit is contained in:
wxiaoguang
GitHub
parent
d0f24ff4ca
commit
b41925cee3
11 changed files with 131 additions and 78 deletions
|
|
@ -196,9 +196,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
|
|||
## CORS (`cors`)
|
||||
|
||||
- `ENABLED`: **false**: enable cors headers (disabled by default)
|
||||
- `SCHEME`: **http**: scheme of allowed requests
|
||||
- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed
|
||||
- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request
|
||||
- `ALLOW_DOMAIN`: **\***: list of requesting origins that are allowed, eg: "https://*.example.com"
|
||||
- `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
|
||||
- `MAX_AGE`: **10m**: max time to cache response
|
||||
- `ALLOW_CREDENTIALS`: **false**: allow request with credentials
|
||||
|
|
|
|||
|
|
@ -195,9 +195,7 @@ menu:
|
|||
## 跨域 (`cors`)
|
||||
|
||||
- `ENABLED`: **false**: 启用 CORS 头部(默认禁用)
|
||||
- `SCHEME`: **http**: 允许请求的协议
|
||||
- `ALLOW_DOMAIN`: **\***: 允许请求的域名列表
|
||||
- `ALLOW_SUBDOMAIN`: **false**: 允许上述列出的头部的子域名发出请求。
|
||||
- `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: 允许发起的请求方式列表
|
||||
- `MAX_AGE`: **10m**: 缓存响应的最大时间
|
||||
- `ALLOW_CREDENTIALS`: **false**: 允许带有凭据的请求
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue