probably the ultimate right course of action is to make both fields (allow-origin, allow-headers) configurable.
the reason i've put in this short-term fix is that my previous PR probably broke some use cases; whereas previously web actions would work from any browser (assuming only those two previously allowed headers were passed), now web actions will only work from chrome (but will support *any* headers) with this PR, we restore functionality on all browsers for web actions, with a somewhat expanded list of allow headers) i would suggest that we do the right thing in a subsequent PR, but this PR i feel fills an important a short-term regression fix until we can get the right PR in place? [ Full content available at: https://github.com/apache/incubator-openwhisk/pull/4046 ] This message was relayed via gitbox.apache.org for [email protected]
