Comments (4)
Hi @dcherman Inever heard of that header before, that was a good learning about! Sorry your issue sat here for a while; I'm recently looking after this module so trying to go through everything.
That being said, I think that it is out of scope for this module, since it does not fall into the realm of http://www.w3.org/TR/cors/ and there are probably use-cases where someone would want them configured independently. But there is a easy implementation for your desired state:
var cors = require('cors')
var onHeaders = require('on-headers')
// ... all your stuff
app.use(function (req, res, next) {
onHeaders(res, function () {
var allowOrigin = res.getHeader('Access-Control-Allow-Origin')
if (allowOrigin) {
res.setHeader('Timing-Allow-Origin', allowOrigin)
}
})
next()
})
app.use(cors())
I hope this helps!
from cors.
@dougwilson at the time that you wrote your response over six years ago, Timing-Allow-Origin
was not part of the CORS standard (link).
In 2019, it was added to the standard (whatwg/fetch#955) and it is currently included in the living CORS standard.
Is it worth revisiting the decision not to add support for Timing-Allow-Origin
in this library?
from cors.
Hi @jmpage yea, it is part of the fetch spec, but still outside of the CORS part of the spec. You can find the CORS part only in section 3.2 of fetch you linked. That entire spec is all of fetch, with CORS on the server side, what this module is, only being section 3.2 .
from cors.
Got it and great point, thank you for your feedback, Doug!
from cors.
Related Issues (20)
- access-control-allow-method not working HOT 2
- Do you need app.options and app.use(cors()); ?? HOT 12
- Access-Control-Allow-Origin issue HOT 2
- [Feature request] A more powerful custom origin calculation method depending on other headers HOT 6
- No Configuration Options for Access-Control-Allow-Private-Network HOT 1
- CORS Error only on Mac HOT 2
- Cors origin RegExp issues HOT 10
- Option preflightContinue not working with origin function
- Array - set origin -Not working HOT 3
- Incorrect response when option origin is true and requestOrigin is undefined HOT 2
- "origin" is undefined when requests are received from the same server AND when malicious requests are sent from a program HOT 1
- Undefined origin should be treated as not allowed - discusson HOT 4
- Configure Allowed Headers as Array of RegExp
- DEMO is broken HOT 1
- Invalid Vary header in Access-Control-Allow-Headers HOT 2
- `OPTIONS` request handler missing `Allow` header HOT 13
- cors is hanging HOT 2
- CORS error when fonts
- Add support for having specified domain instead of wildcard HOT 3
- Request: callback for failed CORS HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cors.