Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS should not allow wildcard and a specific method #3647

Open
howardjohn opened this issue Feb 28, 2025 · 2 comments · May be fixed by #3667
Open

CORS should not allow wildcard and a specific method #3647

howardjohn opened this issue Feb 28, 2025 · 2 comments · May be fixed by #3667
Assignees
@EyalPazz
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Milestone
v1.3.0

Comments

@howardjohn
Copy link
Contributor

Per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods, there are two valid options:

Access-Control-Allow-Methods: <method>, <method>, …
Access-Control-Allow-Methods: *

This implies you cannot have Access-Control-Allow-Methods: GET,*. You probably shouldn't anyways.

It probably makes sense to allow a single entry only if one is a wildcard.

Note the link is not an RFC, but the RFCs seem super vague here
@robscott robscott added this to the v1.3.0 milestone Feb 28, 2025
@robscott
Copy link
Member

robscott commented Mar 1, 2025

/kind bug

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Mar 1, 2025
@shaneutt shaneutt added the triage/accepted Indicates an issue or PR is ready to be actively worked on. label Mar 1, 2025
@shaneutt shaneutt moved this to Next in Gateway API Pipeline Mar 1, 2025
@shaneutt shaneutt added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Mar 1, 2025
@EyalPazz
Copy link
Contributor

EyalPazz commented Mar 6, 2025

/assign

@EyalPazz EyalPazz linked a pull request Mar 9, 2025 that will close this issue
Open
@shaneutt shaneutt moved this from Next to In Progress in Gateway API Pipeline Mar 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EyalPazz EyalPazz

Labels
kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
Gateway API Pipeline
Status: In Progress
Milestone
v1.3.0
Development

Successfully merging a pull request may close this issue.

fix: validate that a method and a wildcard won't appear together EyalPazz/gateway-api
5 participants
@robscott @howardjohn @shaneutt @k8s-ci-robot @EyalPazz