in_http: add changes for cors_allow_origins on v1.19.0 #574

daipom · 2025-03-26T04:40:15Z

fluent/fluentd#4866 Signed-off-by: Daijiro Fukuda <[email protected]>

daipom · 2025-03-26T04:40:40Z

This should be merged after v1.19.0 release.

**Which issue(s) this PR fixes**: **What this PR does / why we need it**: Some requests, such as those made by apps, certain automated scripts, or older browsers, may not include an Origin header. Previously, such requests were blocked by the CORS check, even though they may not necessarily be cross-origin. For CORS, the server is responsible for reporting the allowed origins. The web browser is responsible for enforcing that requests are only sent from allowed domains. So this change updates the CORS handling logic to allow requests with an empty Origin header to pass, ensuring compatibility with legitimate non-browser clients while maintaining security. **Docs Changes**: fluent/fluentd-docs-gitbook#574 **Release Note**: The same as the title. Signed-off-by: Richard Lee <[email protected]>

in_http: add changes for cors_allow_origins on v1.19.0

162691a

fluent/fluentd#4866 Signed-off-by: Daijiro Fukuda <[email protected]>

daipom mentioned this pull request Mar 26, 2025

in_http: allow empty Origin header requests to pass CORS checks fluent/fluentd#4866

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

in_http: add changes for cors_allow_origins on v1.19.0 #574

in_http: add changes for cors_allow_origins on v1.19.0 #574

daipom commented Mar 26, 2025

daipom commented Mar 26, 2025

in_http: add changes for cors_allow_origins on v1.19.0 #574

Are you sure you want to change the base?

in_http: add changes for cors_allow_origins on v1.19.0 #574

Conversation

daipom commented Mar 26, 2025

daipom commented Mar 26, 2025