From e1c0581954a413468f712a8978db672e3606871e Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Mon, 25 Dec 2023 21:01:24 +0800 Subject: [PATCH] Refactor CORS handler (#28587) (#28611) Backport #28587, the only conflict is the test file. The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098 --- administration/config-cheat-sheet.en-us.md | 4 +--- administration/config-cheat-sheet.zh-cn.md | 2 -- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/administration/config-cheat-sheet.en-us.md b/administration/config-cheat-sheet.en-us.md index f97f021c..b7cae8dc 100644 --- a/administration/config-cheat-sheet.en-us.md +++ b/administration/config-cheat-sheet.en-us.md @@ -196,9 +196,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a ## CORS (`cors`) - `ENABLED`: **false**: enable cors headers (disabled by default) -- `SCHEME`: **http**: scheme of allowed requests -- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed -- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request +- `ALLOW_DOMAIN`: **\***: list of requesting origins that are allowed, eg: "https://*.example.com" - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request - `MAX_AGE`: **10m**: max time to cache response - `ALLOW_CREDENTIALS`: **false**: allow request with credentials diff --git a/administration/config-cheat-sheet.zh-cn.md b/administration/config-cheat-sheet.zh-cn.md index bfb8845a..7c56f822 100644 --- a/administration/config-cheat-sheet.zh-cn.md +++ b/administration/config-cheat-sheet.zh-cn.md @@ -195,9 +195,7 @@ menu: ## 跨域 (`cors`) - `ENABLED`: **false**: 启用 CORS 头部(默认禁用) -- `SCHEME`: **http**: 允许请求的协议 - `ALLOW_DOMAIN`: **\***: 允许请求的域名列表 -- `ALLOW_SUBDOMAIN`: **false**: 允许上述列出的头部的子域名发出请求。 - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: 允许发起的请求方式列表 - `MAX_AGE`: **10m**: 缓存响应的最大时间 - `ALLOW_CREDENTIALS`: **false**: 允许带有凭据的请求