[tor-commits] [donate/master] Revert "Use wildcard for Access-Control-Allow-Origin"
commit 3df82c4eeb72db90348e40514b280d96accdc833
Author: Peter Haight <peterh@xxxxxxxxxxxxxxx>
Date: Wed Oct 21 11:46:12 2020 -0700
Revert "Use wildcard for Access-Control-Allow-Origin"
This reverts commit 9a7940ba9994789293b44c64632822cc849c918c.
This didn't work because then we get this error in the browser:
Access to fetch at
'https://donate-api.torproject.org/setExpressCheckout' from origin
'https://donate.torproject.org' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: The
value of the 'Access-Control-Allow-Origin' header in the response must
not be the wildcard '*' when the request's credentials mode is
'include'.
---
src/AccessControlMiddleware.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/AccessControlMiddleware.php b/src/AccessControlMiddleware.php
index d5b7381d..d900fa63 100644
--- a/src/AccessControlMiddleware.php
+++ b/src/AccessControlMiddleware.php
@@ -4,7 +4,7 @@ namespace Tor;
class AccessControlMiddleware {
public function __invoke($request, $response, $next) {
- $response = $response->withHeader('Access-Control-Allow-Origin', '*');
+ $response = $response->withHeader('Access-Control-Allow-Origin', $this->torSiteBaseUrl);
$response = $response->withHeader('Access-Control-Allow-Credentials', 'true');
$response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type');
return $next($request, $response);
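Review bot: On the added `Access-Control-Allow-Origin` line, `$this->torSiteBaseUrl` needs to hold a bare origin (scheme and host, no trailing slash or path), because the browser compares the header value against the request's `Origin` exactly, which per the commit message is `https://donate.torproject.org`. The visible lines don't show where that property is assigned, so it would be worth normalizing or asserting the value at that point. Since the following context line sends `Access-Control-Allow-Credentials: true`, a short comment above the changed line stating that browsers reject the wildcard for credentialed requests would help keep the reverted change from being reintroduced.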