Fork me on GitHub
#yada
<
2016-10-03
>
kurt-yagram09:10:37

got something weird here: If I add :allow-origin "*" to :access-control, it works: from a curl `-I' response:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, DELETE
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/event-stream
Server: Aleph/0.4.1
Connection: Keep-Alive
Date: Mon, 03 Oct 2016 09:44:15 GMT
transfer-encoding: chunked
however, when I change this to :allow-origin "localhost:*", it doesn't seem to work:
HTTP/1.1 200 OK
Access-Control-Allow-Methods: GET, DELETE
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/event-stream
Server: Aleph/0.4.1
Connection: Keep-Alive
Date: Mon, 03 Oct 2016 09:44:54 GMT
transfer-encoding: chunked
What am I doing wrong?

lmergen09:10:27

@kurt-yagram that is weird, it is supposed to literally include any string as allow-origin

kurt-yagram09:10:03

yeah, I know... I've checked the sources as well...

kurt-yagram09:10:10

I just don't get it

lmergen09:10:14

let me see

lmergen09:10:28

well, i would probably just start debugging that function — but perhaps @malcolmsparks has a better understanding why this is.

lmergen09:10:42

what i would probably do is add a debugging interceptor in a few places, to see whether or not the header was added at some point

lmergen09:10:58

but personally, i would just debug that access-control-headers function, to see what the value of allow-origin is, and/or determine whether the header was added to ctx at least at some point

kurt-yagram10:10:39

🙂 may do this, but for now, I think I must be missing something about cors