Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: CORS requests when Origin is invalid or null #20343

Merged
merged 3 commits into from
Feb 15, 2024
Merged

fix: CORS requests when Origin is invalid or null #20343

merged 3 commits into from
Feb 15, 2024

Conversation

frankh
Copy link
Contributor

@frankh frankh commented Feb 14, 2024

Problem

In some situations (such as calling posthog from within an iframe) the Origin header can be "null" or otherwise invalid

In these situations we can't echo back the requested origin so we need to send * instead

Changes

👉 Stay up-to-date with PostHog coding conventions for a smoother review.

How did you test this code?

@frankh frankh requested a review from benjackwhite February 14, 2024 16:07
@frankh frankh force-pushed the frank/cors-origin-null branch from c1241d7 to c322602 Compare February 14, 2024 16:18
@frankh frankh changed the title Fix CORS requests when Origin is invalid or null fix: CORS requests when Origin is invalid or null Feb 14, 2024
@frankh frankh force-pushed the frank/cors-origin-null branch from c322602 to 59bb8dc Compare February 14, 2024 16:28
@frankh frankh marked this pull request as ready for review February 14, 2024 16:28
@frankh frankh requested a review from tiina303 February 14, 2024 16:33
tiina303
tiina303 approved these changes Feb 15, 2024
View reviewed changes
Copy link
Contributor

@tiina303 tiina303 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know anything about CORS not what this might break, so take this approval with a grain of salt. Could you also reply to the user in the ticket and verify it works for them after this fix, tnx

@frankh
Fix CORS requests when Origin is invalid or null
ec09bed 
In some situations (such as calling posthog from within an iframe)
the Origin header can be "null" or otherwise invalid

In these situations we can't echo back the requested origin so we need
to send * instead
@frankh
Fix mypi issue
cf203b9
@frankh frankh force-pushed the frank/cors-origin-null branch from 59bb8dc to cf203b9 Compare February 15, 2024 12:43
@frankh frankh merged commit 856d495 into master Feb 15, 2024
72 checks passed
@frankh frankh deleted the frank/cors-origin-null branch February 15, 2024 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiina303 tiina303 tiina303 approved these changes

@benjackwhite benjackwhite Awaiting requested review from benjackwhite

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@frankh @tiina303