modrinth / labrinth

Our Rust-based backend utilizing the actix-web framework to serve Modrinth's API.

Home Page: https://modrinth.com

CORS header is not included when rate limited

ryanccn opened this issue

Describe the bug

When a client has exceeded the rate limit, the returned 429 Too Many Requests response does not include an Access-Control-Allow-Origin header, leading to the response being opaque to web applications.

Steps to reproduce

  1. Go over the rate limit
  2. Fetch any API route with the Origin header

Expected behavior

The CORS header should be included even on rate limited responses so that client applications can read the response.

Additional context

No response
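
What the missing header means for a browser client, as an added example that is not part of the original issue or the labrinth code base: a simplified model of the Fetch CORS check, run over a constructed 429 response with and without `Access-Control-Allow-Origin`. The origin, the `Retry-After` value and the function names are assumptions made for illustration.

```javascript
// Added example, not labrinth code: simplified model of the Fetch CORS check.
// Origins, header values and function names are constructed for illustration.

// Case-insensitive header lookup in a plain object; null when absent.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]).trim();
}

// True when a cross-origin response passes the CORS check for this request.
function corsCheck(origin, headers, withCredentials = false) {
  const allow = header(headers, "Access-Control-Allow-Origin");
  if (allow === null) return false; // header missing: response is blocked
  if (!withCredentials) return allow === "*" || allow === origin;
  // Credentialed requests: "*" is not accepted and credentials must be allowed.
  return allow === origin &&
    header(headers, "Access-Control-Allow-Credentials") === "true";
}

// What page script can observe after fetch() for a given server response.
function visibleToScript(origin, response, withCredentials = false) {
  if (!corsCheck(origin, response.headers, withCredentials)) {
    // fetch() rejects with a TypeError; status, headers and body stay hidden.
    return { error: "TypeError", status: null, retryAfter: null };
  }
  // Retry-After is not CORS-safelisted, so it is readable only when exposed.
  const exposed = (header(response.headers, "Access-Control-Expose-Headers") || "")
    .split(",").map((h) => h.trim().toLowerCase());
  const readable = exposed.includes("retry-after") ||
    (exposed.includes("*") && !withCredentials);
  return {
    error: null,
    status: response.status,
    retryAfter: readable ? header(response.headers, "Retry-After") : null,
  };
}

const ORIGIN = "https://app.example"; // constructed
// 429 as described in the issue: no CORS header on the rate-limited response.
const rateLimitedAsReported = { status: 429, headers: { "Retry-After": "30" } };
// 429 with the header the issue asks for (plus an exposed Retry-After).
const rateLimitedWithCors = { status: 429, headers: {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Expose-Headers": "Retry-After",
  "Retry-After": "30",
} };

console.log(visibleToScript(ORIGIN, rateLimitedAsReported));
console.log(visibleToScript(ORIGIN, rateLimitedWithCors));
```

In the first case the client cannot tell a rate limit from any other network failure, so it has no status code or delay to base its backoff on.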