Re: [whatwg/fetch] Recommend that servers follow the steps of CORS preflight for easier troubleshooting (Issue #1588) from jub0bs on 2024-03-21 (public-webapps-github@w3.org from March 2024)

From: jub0bs <notifications@github.com>
Date: Thu, 21 Mar 2024 10:29:31 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1588/2013130498@github.com>

Regardless of any changes to the Fetch standard, perhaps the best of both worlds is possible after all. FWIW, I'm working on a debug mode for my CORS middleware, which can be toggled (in a concurrency-safe manner) even as the middleware is processing requests.

The debug mode changes the behaviour of the middleware in the face of preflight failure:

- When debug is on, the middleware includes enough information in the preflight response for the browser to produce a helpful CORS error message; that way, server developers can easily troubleshoot their CORS issues by inspecting the browser's DevTools.
- When debug is off, the middleware omits all CORS headers from the preflight response, revealing nothing about CORS configuration.

Thanks again for your insight, @annevk and @sideshowbarker.

I think I'm happy enough with the approach outlined above to close this issue.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1588#issuecomment-2013130498
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1588/2013130498@github.com>

Received on Thursday, 21 March 2024 17:29:35 UTC