Skip to content

fix(@angular/build): configure Vite CORS option #29607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
alan-agius4 merged 1 commit into from
Feb 12, 2025
Merged

fix(@angular/build): configure Vite CORS option #29607

alan-agius4 merged 1 commit into from
Feb 12, 2025

Conversation

@alan-agius4
Copy link
Collaborator

@alan-agius4 alan-agius4 commented Feb 11, 2025

Vite's allowedHosts option does not enable CORS; instead, it allows the dev server to respond to requests with a matching hostname (e.g., http://example.com/main.js). It only verifies that the request’s hostname is on the allowed list. However, this does not consider the origin in the case of a CORS request.

This commit updates Vite's configuration to enable CORS.

Closes #29549

AndreKoepke
AndreKoepke reviewed Feb 11, 2025
View reviewed changes
@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer target: patch This PR is targeted for the next patch release labels Feb 11, 2025
@alan-agius4
fix(@angular/build): configure Vite CORS option
eefbeed 
Vite's `allowedHosts` option does not enable CORS; instead, it allows the dev server to respond to requests with a matching hostname (e.g., http://example.com/main.js). It only verifies that the request’s hostname is on the allowed list. However, this does not consider the `origin` in the case of a CORS request.

This commit updates Vite's configuration to enable CORS.

Closes angular#29549
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Feb 12, 2025
@alan-agius4 alan-agius4 removed the request for review from clydin February 12, 2025 09:43
@alan-agius4 alan-agius4 merged commit be15b88 into angular:main Feb 12, 2025
9 checks passed
@alan-agius4 alan-agius4 deleted the vite-cors branch February 12, 2025 09:43
@alan-agius4
Copy link
Collaborator Author

alan-agius4 commented Feb 12, 2025

The changes were merged into the following branches: main, 19.1.x

@angular-automatic-lock-bot
Copy link

angular-automatic-lock-bot bot commented Mar 15, 2025

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Mar 15, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@dgp1130 dgp1130 dgp1130 approved these changes

+1 more reviewer

@AndreKoepke AndreKoepke AndreKoepke left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: @angular/build target: patch This PR is targeted for the next patch release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Access-Control-Allow-Origin header missing in dev server for assets

3 participants

@alan-agius4 @dgp1130 @AndreKoepke