summaryrefslogtreecommitdiff
path: root/auth.c
diff options
context:
space:
mode:
authorRafał Miłecki <rafal@milecki.pl>2020-09-21 16:16:23 +0200
committerRafał Miłecki <rafal@milecki.pl>2020-09-23 08:17:32 +0200
commitc186212a3075766717cab396a46242f110ee71bd (patch)
tree59a27dd7fb15e0680b9e1f1002934b0457d3cfdb /auth.c
parent47c34bd6ad49cae408b8d7c150c6f9f324aaddf5 (diff)
ubus: support GET method with CORS requests
Complex GET requests (e.g. those with custom headers) require browsers to send preflight OPTIONS request with: Access-Control-Request-Method: GET It's important to reply to such requests with the header Access-Control-Allow-Origin (and optionally others) to allow CORS requests. Adding GET to the Access-Control-Allow-Methods is cosmetical as according to the Fetch standard: > If request’s method is not in methods, request’s method is not a > CORS-safelisted method, and request’s credentials mode is "include" or > methods does not contain `*`, then return a network error. It basically means that Access-Control-Allow-Methods value is ignored for GET, HEAD and POST methods. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Diffstat (limited to 'auth.c')
0 files changed, 0 insertions, 0 deletions