skimdz86 commented on code in PR #9365:
URL: https://github.com/apache/apisix/pull/9365#discussion_r1223098567
##########
apisix/plugins/cors.lua:
##########
@@ -179,6 +204,23 @@ function _M.check_schema(conf, schema_type)
end
end
+ if not conf.allow_origins then
+ if conf.timing_allow_origins or conf.timing_allow_origins_by_regex then
+ return false, "you can not set 'timing_allow_origin' " ..
+ "or 'timing_allow_origin_by_regex' " ..
+ "when 'allow_origins' is not set"
+ end
+ end
Review Comment:
Actually, I didn't consider the case in which the CORS are managed already
by the upstream server; so I agree, this way we can add only the timing header
in the api gateway in addition to the existing CORS headers, leaving freedom to
the users in the configuration. So I'll remove this check, but I also have to
change the logic in the header_filter function, to allow setting the timing
even when allow_origins is not set in the plugin conf.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
