The Wayback Machine - https://web.archive.org/web/20201207190414/https://github.com/h5bp/server-configs-apache/issues/192
Skip to content

/ server-configs-apache

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

`Access-Control-Allow-Origin` pointing to an origin should include `Vary: Origin` #192

Open
Malvoz opened this issue May 27, 2019 · 1 comment
Open

`Access-Control-Allow-Origin` pointing to an origin should include `Vary: Origin` #192

Malvoz opened this issue May 27, 2019 · 1 comment
Labels
enhancement good first issue help wanted

Comments

@Malvoz
Copy link
Contributor

@Malvoz Malvoz commented May 27, 2019
edited

When Access-Control-Allow-Origin points to a URL rather than *, then Vary: Origin should be sent along with the response.

Sources:

All of the CORS configs use * in the examples. But if anything, there could potentially be a note of this in requests.conf? Or something better than just a note?
@LeoColomb LeoColomb changed the title [Enhancement] `Access-Control-Allow-Origin` pointing to an origin should include `Vary: Origin` `Access-Control-Allow-Origin` pointing to an origin should include `Vary: Origin` May 27, 2019
@LeoColomb
Copy link
Member

@LeoColomb LeoColomb commented May 27, 2019

A note seems to be a good start. 👍

Maybe the note can be attached to a commented out directive:

# (1)
# Header append Vary Origin
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement good first issue help wanted
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@LeoColomb @Malvoz
You can’t perform that action at this time.