HTTP_ORIGIN wild card

[caseman72]

For
Access-Control-Allow-Origin

It would be nice to pass the current URL so if the value in the settings was:
HTTP_ORIGIN

Then you would replace that with the current url in the header ...

In my nginx.conf file I do this:
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Credentials: true';

[chrisdeely]

that's a great idea! Interested in working on it?

On Thu, Aug 21, 2014 at 3:26 PM, caseman72 notifications@github.com wrote:

For
Access-Control-Allow-Origin

It would be nice to pass the current URL so if the value in the settings
was:
HTTP_ORIGIN

Then you would replace that with the current url in the header ...

In my nginx.conf file I do this:
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Credentials: true';

—
Reply to this email directly or view it on GitHub
#9.

[caseman72]

Looking at the code now ... wonder if it would work with my plugin (https://github.com/caseman72/garmin.com.js) as I have to proxy the code through an nginx server to get it to work ... but if I can make Chrome think they have CORS headers then I get get around that

To get it to work - it should be straight forward if/then - just need to get the current URL ... I will fork and test ...

[chrisdeely]

Easiest route is probably to look at the header value in https://github.com/chrisdeely/ForceCORS/blob/master/background.js#L47-L51

If it matches "HTTP_ORIGIN" replace with the current Host value