Re: [whatwg/fetch] Recommend that servers follow the steps of CORS preflight for easier troubleshooting (Issue #1588) from sideshowbarker on 2023-10-29 (public-webapps-github@w3.org from October 2023)

From: sideshowbarker <notifications@github.com>
Date: Sun, 29 Oct 2023 01:00:07 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1588/1784027283@github.com>

I haven’t been able to make time to consider this issue in detail yet, but from my experience over years of reading and answering CORS questions on Stack Overflow, I can say: It’s very clear that debugging CORS issues is a major pain point for web developers that costs developers a huge amount of time — and something they chronically make the same kinds of mistakes with. And I see nothing to indicate that situation has gotten any better over the years, or that it ever will.

Given that, I think we should do whatever we can safely to give web developers any addition debugging help that we can. And giving middleware authors some focused guidance in the spec about sending the `Access-Control-Allow-Origin` header under the circumstances outlined in the issue description seems to me at least like one specific change that could really help a lot of developers in practice.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1588#issuecomment-1784027283
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1588/1784027283@github.com>

Received on Sunday, 29 October 2023 08:00:12 UTC