Access-Control-Allow-Credentials header
jirenius opened this issue · 1 comments
jirenius commented
Issue
When a browser makes a CORS requests with credentials
set to include
, Resgate should include in the response the header:
Access-Control-Allow-Credentials: true
If the header is not included, the browsers will not expose the response to frontend JavaScript code.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
Notes
- The header should only be included if Resgate is configured with
headerAuth
.