This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2016-10-03
Channels
- # aws (1)
- # bangalore-clj (3)
- # beginners (3)
- # boot (9)
- # business (1)
- # cljs-dev (72)
- # cljsjs (7)
- # clojure (86)
- # clojure-austin (1)
- # clojure-belgium (4)
- # clojure-brasil (14)
- # clojure-conj (3)
- # clojure-dev (10)
- # clojure-italy (4)
- # clojure-poland (14)
- # clojure-russia (36)
- # clojure-spec (144)
- # clojure-uk (50)
- # clojurebridge (1)
- # clojurescript (160)
- # clr (2)
- # core-async (8)
- # cursive (56)
- # datomic (34)
- # devcards (3)
- # emacs (2)
- # ethereum (1)
- # events (3)
- # hoplon (21)
- # jobs (2)
- # leiningen (9)
- # luminus (3)
- # off-topic (1)
- # om (26)
- # onyx (42)
- # pedestal (29)
- # protorepl (1)
- # re-frame (43)
- # reagent (26)
- # rethinkdb (4)
- # ring-swagger (4)
- # spacemacs (5)
- # specter (4)
- # untangled (102)
- # vim (43)
- # yada (10)
got something weird here: If I add :allow-origin "*"
to :access-control, it works: from a curl `-I' response:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, DELETE
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/event-stream
Server: Aleph/0.4.1
Connection: Keep-Alive
Date: Mon, 03 Oct 2016 09:44:15 GMT
transfer-encoding: chunked
however, when I change this to :allow-origin "localhost:*"
, it doesn't seem to work:
HTTP/1.1 200 OK
Access-Control-Allow-Methods: GET, DELETE
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/event-stream
Server: Aleph/0.4.1
Connection: Keep-Alive
Date: Mon, 03 Oct 2016 09:44:54 GMT
transfer-encoding: chunked
What am I doing wrong?@kurt-yagram that is weird, it is supposed to literally include any string as allow-origin
yeah, I know... I've checked the sources as well...
I just don't get it
well, i would probably just start debugging that function — but perhaps @malcolmsparks has a better understanding why this is.
what i would probably do is add a debugging interceptor in a few places, to see whether or not the header was added at some point
but personally, i would just debug that access-control-headers
function, to see what the value of allow-origin
is, and/or determine whether the header was added to ctx
at least at some point
🙂 may do this, but for now, I think I must be missing something about cors