Callimachus uses Access-Control-Allow-Origin headers incorrectly #253

Open
edwardsph opened this issue May 13, 2016 · 0 comments
@edwardsph
Contributor

If you specify 2 "Allowed origins" for a Callimachus instance it generates the following CORS headers:
Content-Security-Policy: connect-src http://origin1 http://origin2;form-action http://origin1 http://origin2;frame-ancestors http://origin1 http://origin2;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;
Access-Control-Allow-Origin: http://origin1 http://origin2

Chrome responds to this with the error:
Font from origin 'http://origin1' has been blocked from loading by Cross-Origin Resource Sharing policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://origin1 http://origin2', but only one is allowed. Origin 'http://origin2' is therefore not allowed access.

See https://www.w3.org/TR/cors/#resource-implementation for a proposed workaround.

@catch-point catch-point added this to the v1.5.1 milestone May 17, 2016
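
The W3C section linked in the issue has a multi-origin resource generate Access-Control-Allow-Origin per request and send Vary: Origin. A Python sketch of that selection follows, added here as an illustration and not Callimachus code; the names `ALLOWED_ORIGINS`, `cors_headers` and `is_valid_acao` are assumptions.

```python
"""Added example: pick one Access-Control-Allow-Origin value per request."""

# Constructed sample configuration: the two origins from the issue.
# A tuple (not a string) so that `in` is element equality, not substring match.
ALLOWED_ORIGINS = ("http://origin1", "http://origin2")


def is_valid_acao(value):
    """True if value is usable as a single Access-Control-Allow-Origin value.

    Browsers accept "*", "null", or exactly one serialized origin; a
    space- or comma-separated list is rejected.
    """
    if value in ("*", "null"):
        return True
    if any(ch.isspace() or ch == "," for ch in value):
        return False
    scheme, sep, rest = value.partition("://")
    return bool(scheme) and sep == "://" and bool(rest) and "/" not in rest


def cors_headers(request_origin, allowed=ALLOWED_ORIGINS):
    """Return the CORS response headers for one request.

    request_origin is the value of the request's Origin header, or None
    when the header is absent.
    """
    # The response depends on the Origin header, so shared caches must key on it.
    headers = {"Vary": "Origin"}
    # Exact, case-sensitive comparison against the allow-list.
    if request_origin is not None and request_origin in allowed:
        # Echo only the origin that made this request, never the whole list.
        headers["Access-Control-Allow-Origin"] = request_origin
    return headers
```

`is_valid_acao` can be used as a regression check on generated responses: it rejects the space-separated value shown in the issue.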