commit 3df82c4eeb72db90348e40514b280d96accdc833 Author: Peter Haight peterh@giantrabbit.com Date: Wed Oct 21 11:46:12 2020 -0700
Revert "Use wildcard for Access-Control-Allow-Origin"
This reverts commit 9a7940ba9994789293b44c64632822cc849c918c.
This didn't work because then we get this error in the browser:
Access to fetch at 'https://donate-api.torproject.org/setExpressCheckout' from origin 'https://donate.torproject.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. --- src/AccessControlMiddleware.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/AccessControlMiddleware.php b/src/AccessControlMiddleware.php
index d5b7381d..d900fa63 100644
--- a/src/AccessControlMiddleware.php
+++ b/src/AccessControlMiddleware.php
@@ -4,7 +4,7 @@ namespace Tor;
class AccessControlMiddleware { public function __invoke($request, $response, $next) { - $response = $response->withHeader('Access-Control-Allow-Origin', '*'); + $response = $response->withHeader('Access-Control-Allow-Origin', $this->torSiteBaseUrl); $response = $response->withHeader('Access-Control-Allow-Credentials', 'true'); $response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type'); return $next($request, $response);
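Review bot: The added `withHeader('Access-Control-Allow-Origin', $this->torSiteBaseUrl)` line only works if `$this->torSiteBaseUrl` is a bare origin (scheme, host, optional port). Browsers compare the header to the request origin exactly, so a base URL with a trailing slash or a path would fail the preflight just as the wildcard did. The property is assigned outside this hunk, and the class body continues past it, so that needs confirming where the value is set. Since the header is paired with `Access-Control-Allow-Credentials: true`, I would document the constraint above the line, e.g. `// Must be one exact origin (no trailing slash or path); browsers reject '*' on credentialed requests.` If a second front-end origin is ever needed, match the request's `Origin` against a fixed allowlist and send `Vary: Origin` rather than echoing the request header back.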