allow all origins wildcard not supported by chrome
cameronbraid opened this issue · comments
Am getting an error in chrome dev tools :
Access to CSS stylesheet at 'https://..' from origin 'https://...' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard
'*' when the request's credentials mode is 'include'.
16:11:31.942
How should I handle this to make go-chi write the request origin
header instead ?
I found a workaround
use AllowedOrigins=["https://*","http://*"]
and AllowCredentials=true
Should the library default URLs without a protocol to contain on the []slice a version with http and a version with https?
Probably not, it would introduce a bit of "magic" and maybe the developer should know that he needs to set them. If so, should this be documented on the documentation? Should an error be thrown in case the developer doesn't set the protocols?
I can work on this upon decisions.