tianyk commented on pull request #45: URL: https://github.com/apache/skywalking-client-js/pull/45#issuecomment-791889451
Adding additional headers can be dangerous across domains, making the service unusable. The blacklist will have uncontrollable situation, the white list does not have this problem. There can be no uncontrollable situations in the online service. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS Yongke Tian <[email protected]>于2021年3月6日 周六15:16写道: > Let me give you an example. We used an SDK for a local service, and now we > can know the origin of the service they provide. However, the SDK may be > upgraded and they may change the service address. The situation is out of > your control. For example, an SDK in the form of Google Analytics(Just an > example, Google Analytics does not use XHR). > > In addition, adding extra headers can be dangerous when crossing domains. > Services (third) that are not processed across domains will not be > available. To make the service more manageable, I suggest whitelisting. > > > 吴晟 Wu Sheng <[email protected]>于2021年3月6日 周六15:07写道: > >> At least, if you insist you can't, use the regex to do exclusive match. >> >> — >> You are receiving this because you were mentioned. >> Reply to this email directly, view it on GitHub >> <https://github.com/apache/skywalking-client-js/pull/45#issuecomment-791887250>, >> or unsubscribe >> <https://github.com/notifications/unsubscribe-auth/AAZ3CNWD6LY4JTS5NXQSPGTTCHID3ANCNFSM4YURSEZQ> >> . >> > ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
