cortesi/devd

`Origin` header doesn't seem to affect `Access-Control-Allow-Origin` response header

zemlanin opened this issue · 2 comments

zemlanin commented

Am I reading this code block correctly? Should Access-Control-Allow-Origin repeat Origin header if it is present?

devd/server.go

Lines 200 to 214 in c1a3bfb

if dd.Cors {
origin := r.Header.Get("Origin")
if origin == "" {
origin = "*"
}
w.Header().Set("Access-Control-Allow-Origin", origin)
requestHeaders := r.Header.Get("Access-Control-Request-Headers")
if requestHeaders != "" {
w.Header().Set("Access-Control-Allow-Headers", requestHeaders)
}
requestMethod := r.Header.Get("Access-Control-Request-Method")
if requestMethod != "" {
w.Header().Set("Access-Control-Allow-Methods", requestMethod)
}
} 

> devd . -X --address="0.0.0.0" --port 8000 --logheaders

22:15:14: Route / -> reads files from .
22:15:14: Listening on http://devd.io:8000 ([::]:8000)
22:15:17: GET /
		User-Agent: curl/7.79.1
		Accept:     */*
		Origin:     http://devd.io:8001
		Referer:    http://devd.io:8001/
	<- 200 OK 7.7 kB
		Access-Control-Allow-Origin: *
		Last-Modified:               Wed, 06 Apr 2022 11:47:46 GMT
		Cache-Control:               no-store, must-revalidate
		Content-Length:              7684
22:15:29: GET /test.m3u8
		User-Agent: curl/7.79.1
		Accept:     */*
		Origin:     http://devd.io:8001
		Referer:    http://devd.io:8001/
	<- 200 OK 2.6 kB
		Access-Control-Allow-Origin: *
		Last-Modified:               Fri, 08 Apr 2022 19:11:38 GMT
		Content-Type:                application/x-mpegurl
		Content-Length:              2641

> devd --version
0.9
wader commented

Hi, i think the code your looking at was added after 0.9 so try master. https://github.com/cortesi/devd/blob/master/CHANGELOG.md

zemlanin commented

oh

  • 👍1