Preload link should include the "crossorigin" attribute, if initial request uses CORS #82

Open
kgilden opened this issue Apr 25, 2021 · 0 comments


kgilden commented Apr 25, 2021

I've been trying to get Vulcain working in a situation where CORS is necessary. At the moment it seems to me that browsers are blocking preload requests, because the generated link headers do not include the crossorigin attribute (docs).


I'd propose adding crossorigin=anonymous, if the Access-Control-Allow-Origin header is present. And crossorigin=use-credentials, if the Access-Control-Allow-Credentials header is true (docs).

However, I'm not entirely sure what should happen if the related resources are owned by different APIs (e.g. bookapi.com/book/1 is referencing authorapi.com/author/2). In that case the above-mentioned could not be implied from the response headers.

Since the Link headers are added by Vulcain, there's no way for the upstream to handle this, or is there?

@kgilden kgilden changed the title Preload link should include the "crossorigin" attribute, if original request uses CORS Preload link should include the "crossorigin" attribute, if initial request uses CORS Apr 25, 2021
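The rule proposed in the issue, sketched in Go as an added example; this is not Vulcain's code and not part of the original post. The helper name `preloadLink`, its signature and the `rel=preload; as=fetch` link shape are assumptions. When the target belongs to a different API, the helper leaves `crossorigin` off and reports that the policy could not be inferred.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// preloadLink (hypothetical helper) builds a Link header value for target,
// which is referenced by the response to reqURL carrying upstream headers h.
// inferred is false when the crossorigin mode cannot be derived from h.
func preloadLink(reqURL, target string, h http.Header) (link string, inferred bool, err error) {
	req, err := url.Parse(reqURL)
	if err != nil {
		return "", false, err
	}
	ref, err := url.Parse(target)
	if err != nil {
		return "", false, err
	}
	abs := req.ResolveReference(ref)
	link = fmt.Sprintf("<%s>; rel=preload; as=fetch", target) // assumed link shape

	// Target is served by another API: the CORS headers on this response say
	// nothing about that API's policy, so do not guess a credentials mode.
	if abs.Scheme != req.Scheme || abs.Host != req.Host {
		return link, false, nil
	}
	switch {
	// "true" (case-sensitive) is the only valid value for this header.
	case h.Get("Access-Control-Allow-Credentials") == "true":
		link += "; crossorigin=use-credentials"
	case h.Get("Access-Control-Allow-Origin") != "":
		link += "; crossorigin=anonymous"
	}
	return link, true, nil
}

func main() {
	// Constructed sample headers; the origin value is a placeholder.
	h := http.Header{}
	h.Set("Access-Control-Allow-Origin", "https://app.example")
	for _, target := range []string{"/author/2", "https://authorapi.com/author/2"} {
		link, inferred, err := preloadLink("https://bookapi.com/book/1", target, h)
		fmt.Println(link, inferred, err)
	}
}
```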