This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-05-05
Channels
- # architecture (3)
- # aws (4)
- # beginners (100)
- # boot (14)
- # cider (59)
- # cljs-dev (1)
- # cljsrn (24)
- # clojure (53)
- # clojure-dev (58)
- # clojure-italy (2)
- # clojure-spec (1)
- # clojure-uk (25)
- # clojurescript (7)
- # cryogen (1)
- # cursive (1)
- # datomic (9)
- # dirac (9)
- # duct (3)
- # off-topic (52)
- # om-next (3)
- # onyx (42)
- # portkey (28)
- # re-frame (3)
- # reagent (11)
- # rum (3)
- # shadow-cljs (12)
- # specter (7)
- # tools-deps (18)
- # vim (1)
- # yada (4)
What Access Control headers are being returned?
reading through the CORS test cases for yada here[https://github.com/juxt/yada/blob/master/test/yada/cors_test.clj], that access-control-allow-origin header is not included if your request isn't including an Origin header.. https://github.com/juxt/yada/blob/master/test/yada/cors_test.clj#L11
also not quite sure about interaction with schema(which my prev comment used as basis) but those tests use str and array as values for :allow-origin so your original definition should be ok
as bradford is not around, i ran curl against that endpoint and turns out it's live!
curl -k -I -H "Origin: " -H "Access-Control-Request-Method: POST" -H "Access-Control-Request-Headers: X-Requested-With" -X OPTIONS HTTP/2 200
date: Sat, 05 May 2018 18:07:46 GMT
content-length: 0
access-control-expose-headers: X-Custom
access-control-allow-headers: authorization, accept, accept-language, connection, content-type, host, if-none-match, origin, referer, user-agent
access-control-allow-origin:
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubdomains
allow: GET, HEAD, POST, OPTIONS
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
server: Aleph/0.4.4