-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Why is "allow_headers" now a case-sensitive match? #187
Comments
Headers should be case insensitive, this is a bad bug. Good catch. I will fix this tonight. |
Thanks for the quick fix. I can confirm this works for me. |
@satterly glad to hear it! Thanks a lot for taking the time to make such a detailed report, it made it much easier to fix :-) Let me know if you have any other feedback around this package :-) |
You're welcome. I know what it's like trying to bugfix based on other people's Github issues. As for feedback, some more debug logging would have helped me with this. But now that it's fixed I'm not sure it's worth spending much more time on. |
With version 3.x the list of headers returned by
Access-Control-Allow-Headers
is now a case-sensitive match against the list of headers defined in theCORS_ALLOW_HEADERS
setting.For example, with version 2.1.3 if the setting for "allow_headers" was ...
... then the following works ...
However, with version 3.x it does not return the
Access-Control-Allow-Headers
header because there was no case-sensitive match.This breaks CORS on most browsers including Chrome and Firefox. However, not on IE apparently.
The text was updated successfully, but these errors were encountered: