Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Let other preflight requests through #32

Open
will-r opened this issue Sep 8, 2014 · 2 comments
Open

Let other preflight requests through #32

will-r opened this issue Sep 8, 2014 · 2 comments

Comments

@will-r
Copy link

will-r commented Sep 8, 2014

This is a very nice fix but I can't use it because it catches all OPTIONS requests, not just those for font files.

We have a lot of other CORS requests coming into this service and many include credentials. In that case you can't give access to '*' but have to specify domains. Like everyone else we evade this protection by reflecting back the requesting domain. Font_assets intercepts the options request is before it gets to our controller, so this hack can't be applied.

The problem goes away if you omit the economical shortcut for preflight requests and allow them to go through the same if-font-then-headers routine as the main request. I'd be happy to prepare a PR and test case if that's an acceptable solution for you.
@ericallam
Copy link
Owner

I'd be happy to accept a PR and test case for this change. Send it along and I'll take a look :)

@dmur dmur mentioned this issue Dec 10, 2014
Closed
@bradleypriest
Copy link

For future readers, this has been fixed in #27

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Only intercept preflight requests for fonts dmur/font_assets
3 participants
@ericallam @bradleypriest @will-r