monkeyDluffy6017 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1221900475
##########
apisix/plugins/cors.lua:
##########
@@ -179,6 +204,23 @@ function _M.check_schema(conf, schema_type)
end
end
+ if not conf.allow_origins then
+ if conf.timing_allow_origins or conf.timing_allow_origins_by_regex then
+ return false, "you can not set 'timing_allow_origin' " ..
+ "or 'timing_allow_origin_by_regex' " ..
+ "when 'allow_origins' is not set"
+ end
+ end
Review Comment:
I have considered this place carefully, and I think that allow_origins and
timing_allow_origins should be independent of each other, because it is
possible that the upstream has a response header of
Access-Control-Allow-Origin, which does not require the plugin to set it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
