totemofwolf commented on issue #4095: URL: https://github.com/apache/apisix/issues/4095#issuecomment-825365422
> > > This command doesn't send Origin header. > > > The client should run the CORS mechanism: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS > > > > > > Not yet. > >  > > In the `curl` command, did you try to bring the `Origin` header? Example: `curl -I https://xxxyyy.com -H 'Origin: https://x'` If I set property `` in plugin: cors(), the response header will clear cors..... ``` "plugins": { "cors": { "allow_origins": "https://www.xxx.cn"; } } ``` curl output: ``` HTTP/2 404 content-type: text/plain; charset=utf-8 content-length: 18 date: Fri, 23 Apr 2021 03:37:33 GMT server: APISIX/2.5 ``` curl with -H 'Origin: ' returns ok: ``` HTTP/2 404 content-type: text/plain; charset=utf-8 content-length: 18 date: Fri, 23 Apr 2021 03:40:18 GMT server: APISIX/2.5 access-control-allow-origin: https://www.xxx.cn vary: Origin access-control-allow-methods: * access-control-max-age: 5 access-control-expose-headers: * access-control-allow-headers: * ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
