Comments (14)
sstern6
commented on July 20, 2024
1
Had the same issue as @nicooga, removed [origin: "localhost: 4000"] from plug CORSPlug and I was able to get the response back without The 'Access-Control-Allow-Origin' header contains the invalid value 'null'.
from cors_plug.
mschae
commented on July 20, 2024
@nicooga Hard to track down from the information provided. Maybe provide the output of this:
curl -svo /dev/null -XOPTION https://9e68e012.ngrok.io/api/expenditures
curl -svo /dev/null https://9e68e012.ngrok.io/api/expenditures
from cors_plug.
nicooga
commented on July 20, 2024
I choosed to just plug CORSPlug without options for now. If I find issues using a named origin instead of a wildcard later I'll reopen the issue. Thanks for the response!
from cors_plug.
linjunpop
commented on July 20, 2024
I found that the client attached the Origin header with content which is in the config list, or the Access-Control-Allow-Origin will be null, according to this:
Line 61 in 1172d3d
from cors_plug.
mschae
commented on July 20, 2024
Sorry for the radio silence, swamped lately... Will check this out shortly. PRs are always welcome tho :)
from cors_plug.
sstern6
commented on July 20, 2024
Will take a look and see if I can make any changes. Will let you know if I have any questions
Thanks
from cors_plug.
VJ-OK
commented on July 20, 2024
Not working for me. :(
from cors_plug.
jschneider1207
commented on July 20, 2024
This was happening to me because the requests coming into my server had the origin header with a capital "O", and this is specifically looking for origin (lowercase).
from cors_plug.
oskarrough
commented on July 20, 2024
Hi, I'm also seeing null as the value. I've set
plug CORSPlug, origin: ["https://example.com", "https://another.com"]
plug MyApp.Router
… but If I do
plug CORSPlug
plug MyApp.Router
the value is * as per the default options.
So something IS working and I assume the error is in my configuration. Any help would be appreciated.
from cors_plug.
linjunpop
commented on July 20, 2024
@oskarrough Did you check what's the value of the request Origin header? As I mentioned in #18 (comment)
from cors_plug.
oskarrough
commented on July 20, 2024
@linjunpop ooooh, thank you. Checking the value I discovered a typo in my domain…
from cors_plug.
linjunpop
commented on July 20, 2024
@mschae IMO this behaviour is confusing, is that expected?
from cors_plug.
mschae
commented on July 20, 2024
@linjunpop I don't understand the behaviour you are describing. Please elaborate following standard issue reporting guidelines: What behaviour do you expect. What behaviour are you seeing instead? Why do you believe this is wrong?
from cors_plug.
linjunpop
commented on July 20, 2024
Oh, my mistake, https://www.w3.org/TR/cors/#access-control-allow-origin-response-header describe the null is valid.
from cors_plug.
Related Issues (20)
- Origin validation on OPTIONS HOT 3
- No CORS headers embedded in Plug.ErrorHandler code path HOT 2
- General CORS library HOT 3
- Options Requests without `Access-Control-Request-Method` should not be halted
- Unreachable code? HOT 2
- Support Plug 1.7 dependency HOT 1
- "Access-Control-Allow-Origin" is null when using regex for origin? HOT 3
- Configuration not working with Elixir 1.9 releases HOT 3
- Regex from string HOT 1
- FunctionClauseError when origin option is a list containing a regex HOT 1
- Regex isn't working on preflight request HOT 5
- A way to enable logging - difficult to configure HOT 3
- CORS Header empty HOT 2
- Looks like init function is called during the compile time HOT 1
- Access-Control-Allow-Credentials should not be included if set to false
- Headers cannot be set dynamically
- Minor security issue with origin checks
- Using config.ex does not work HOT 1
- default config of origin: * and credentials: true seems invalid?
- cors-rfc1918
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cors_plug.