Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow token-authenticated requests cross-origin by default #2920

Merged
merged 2 commits into from
Oct 20, 2017
Merged

allow token-authenticated requests cross-origin by default #2920

merged 2 commits into from
Oct 20, 2017

Conversation

minrk
Copy link
Member

@minrk minrk commented Oct 10, 2017
edited

we already apply this logic in our server-side checks, but browsers check Access-Control-Allow-Origin headers themselves as well, meaning that token-authenticated requests can’t be made cross-origin without CORS headers from browsers, only scripts.

This makes default browser and server-side origin checks consistent

includes #2919 to avoid merge conflicts

@minrk minrk mentioned this pull request Oct 10, 2017
Closed
@minrk
allow token-authenticated requests cross-origin by default
9acf6a8 
we already apply this logic in our server-side checks,
but browsers check `Access-Control-Allow-Origin` headers themselves as well,
meaning that token-authenticated requests can’t be made cross-origin without CORS headers from browsers,
only scripts.

This makes default browser and server-side origin checks consistent
@minrk
Copy link
Member Author

minrk commented Oct 11, 2017

My conflict-avoidance strategy was not successful, apparently. Rebased.

@takluyver
Copy link
Member

I'm never entirely sure about these CORS issues, but I think I understand the basic idea, and I'm happy to trust the two of you. Do you want anyone else to review it? Do you want it in for 5.2?

@takluyver takluyver added this to the 5.3 milestone Oct 20, 2017
@takluyver takluyver merged commit 55aa80e into jupyter:master Oct 20, 2017
@gnestor
Copy link
Contributor

gnestor commented Oct 26, 2017

We're going to try to release 5.2.1. Should this be included?

@pyup-bot pyup-bot mentioned this pull request Jan 28, 2018
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@blink1073 blink1073 blink1073 approved these changes

Assignees
No one assigned
Labels
status:resolved-locked
Projects
None yet
Milestone
5.3
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@minrk @takluyver @gnestor @blink1073