Skip to content

Better CORS header.

Kevin Ring requested to merge cors into master

Use Access-Control-Allow-Origin: * instead of Access-Control-Allow-Origin: foo.com. Chrome (and potentially other browsers) have a habit of caching a response the includes the latter and then reusing it for other origins, causing a CORS failure.

Merge request reports

Loading