Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Add missingOrigin to theVary header value when CORS enabled#534

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged

Conversation

joseluisq
Copy link
Collaborator

@joseluisqjoseluisq commentedMar 24, 2025
edited
Loading

Description

This PR includes the missingOrigin header to the resultingVary header value when the CORS feature is enabled according tohttps://fetch.spec.whatwg.org/#example-vary-origin.

Related Issue

Itresolves#533

Motivation and Context

How Has This Been Tested?

static-web-server -p 8788 -d ./docker/public/ -g trace -ztrue'-c=*'

Before

$ curl -I -H"Origin: http://devel.local:8788" http://localhost:8788/assets/main.js# HTTP/1.1 200 OK# content-length: 52# content-type: text/javascript# accept-ranges: bytes# last-modified: Mon, 10 Feb 2025 21:00:47 GMT# access-control-allow-headers: content-type, origin, authorization# access-control-expose-headers: origin, content-type# access-control-allow-methods: OPTIONS, GET, HEAD# access-control-allow-origin: http://devel.local:8788# vary: accept-encoding# cache-control: public, max-age=31536000# date: Mon, 24 Mar 2025 03:20:15 GMT

After

$ curl -I -H"Origin: http://devel.local:8788" http://localhost:8788/assets/main.js# HTTP/1.1 200 OK# content-length: 52# content-type: text/javascript# accept-ranges: bytes# last-modified: Mon, 10 Feb 2025 21:00:47 GMT# access-control-allow-headers: content-type, origin, authorization# access-control-expose-headers: origin, content-type# access-control-allow-methods: GET, HEAD, OPTIONS# access-control-allow-origin: http://devel.local:8788# vary: origin,accept-encoding# cache-control: public, max-age=31536000# date: Mon, 24 Mar 2025 03:22:44 GM

Preflight request

$ curl http://localhost:8788/assets/main.js \    -I -X OPTIONS \    -H"Access-Control-Request-Method: HEAD" \    -H"Access-Control-Request-Headers: content-type" \    -H"Origin: http://localhost:8787"# HTTP/1.1 204 No Content# vary: origin,accept-encoding# accept-ranges: bytes# access-control-allow-headers: origin, content-type, authorization# access-control-expose-headers: content-type, origin# access-control-allow-methods: HEAD, OPTIONS, GET# access-control-allow-origin: http://localhost:8787# cache-control: public, max-age=31536000# date: Mon, 24 Mar 2025 03:36:53 GMT

Without CORS:

$ static-web-server -p 8788 -d ./docker/public/ -g trace$ curl -I -H"Origin: http://devel.local:8788" http://localhost:8788/assets/main.js# HTTP/1.1 200 OK# content-length: 52# content-type: text/javascript# accept-ranges: bytes# last-modified: Mon, 10 Feb 2025 21:00:47 GMT# vary: accept-encoding# cache-control: public, max-age=31536000# date: Mon, 24 Mar 2025 03:27:08 GMT

Screenshots (if appropriate):

@joseluisqjoseluisq added v2v2 release bugfixThis is PR fixes a bug labelsMar 24, 2025
@semanticdiff-comSemanticDiff.com
Copy link

semanticdiff-combot commentedMar 24, 2025
edited
Loading

Review changes with  SemanticDiff

Changed Files
FileStatus
  src/testing.rs  47% smaller
  tests/compression.rs  39% smaller
  tests/rewrites.rs  38% smaller
  tests/compression_static.rs  36% smaller
  tests/handler.rs  26% smaller
  tests/redirects.rs  24% smaller
  src/compression_static.rs  10% smaller
  tests/cors.rs  5% smaller
  src/compression.rs  0% smaller
  src/cors.rs  0% smaller

@joseluisqjoseluisq added this to thev2.36.1 milestoneMar 24, 2025
@joseluisqjoseluisqforce-pushed thefix-cors-response-missing-origin-in-vary-header branch fromf7f2f54 to09c2bbeCompareMarch 27, 2025 03:51
@joseluisqjoseluisqforce-pushed thefix-cors-response-missing-origin-in-vary-header branch from09c2bbe tobaecce8CompareMarch 27, 2025 16:54
@joseluisqjoseluisq merged commit2a74187 intomasterMar 27, 2025
36 checks passed
@joseluisqjoseluisq deleted the fix-cors-response-missing-origin-in-vary-header branchMarch 27, 2025 17:10
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bugfixThis is PR fixes a bugv2v2 release
Projects
None yet
Milestone
v2.36.1
Development

Successfully merging this pull request may close these issues.

Vary header should includeOrigin header when cors is enabled
1 participant
@joseluisq
[8]ページ先頭
©2009-2025 Movatter.jp