Created
July 30, 2014 17:57
-
-
Save tisba/eb053294eb3dfbd51735 to your computer and use it in GitHub Desktop.
nginx appears to add an automatic `Access-Control-Allow-Origin: *` based on User Agents?
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -i --user user:secret 'https://api.example.com' -H 'User-Agent: Mozilla/5.0' | |
| HTTP/1.1 200 OK | |
| Server: nginx | |
| Date: Wed, 30 Jul 2014 17:55:43 GMT | |
| Content-Type: application/json; charset=UTF-8 | |
| Content-Length: 2869 | |
| Connection: keep-alive | |
| Access-Control-Allow-Origin: * | |
| Access-Control-Allow-Origin: https://example.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -i --user user:secret 'https://api.example.com' | |
| HTTP/1.1 200 OK | |
| Server: nginx | |
| Date: Wed, 30 Jul 2014 17:56:44 GMT | |
| Content-Type: application/json; charset=UTF-8 | |
| Content-Length: 2869 | |
| Connection: keep-alive | |
| Access-Control-Allow-Origin: https://example.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment