Comments (7)
Eilon
commented on July 26, 2024
What is the connection between CORS and Web Hooks? Web Hooks are triggered by other servers (e.g. Office 365, GitHub, etc.), whereas CORS is a browser security feature that applies to AJAX requests.
from cors.
dougbu
commented on July 26, 2024
More the opposite of a connection: It's sensible to disable CORS for WebHook actions.
from cors.
Eilon
commented on July 26, 2024
My question is when does CORS even apply to this? CORS is used only by browsers, but when is a browser ever calling a web hook?
from cors.
dougbu
commented on July 26, 2024
If a browser called a web hook, why enable CORS? Except in a the rare case of a receiver that implements "ping" using a simple GET, the request should always fail -- but due to the receiver's normal rules, not because CORS blocks it.
from cors.
Eilon
commented on July 26, 2024
Browsers never call web hooks, do they?
from cors.
dougbu
commented on July 26, 2024
Browsers can call almost-any ASP.NET Core endpoint. A WebHooks endpoint is just another URL on the Internet.
from cors.
Eilon
commented on July 26, 2024
The question isn't whether they can - my thermostat can make web calls too, but I don't know whether it supports CORS 😄 The question is whether it's a scenario that happens in practice, and I can't think of a case where it does.
from cors.
Related Issues (20)
- Set VaryByOrigin for origins other than * HOT 1
- Log when we see an OPTIONS without AccessControlRequestMethod HOT 1
- Jwt Auth with Angular Auth0 and AspNetCore No 'Access-Control-Allow-Origin' header is present on the requested resource HOT 5
- Move CorsOptions to root namespace HOT 1
- EnableCorsAttribute has a way to set policy name via the ctor and the property HOT 2
- Add an empty constructor for EnableCorsAttribute HOT 4
- Asp.net core web api that returns File is throwing No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access HOT 4
- DefaultIsOriginAllowed should StringComparer.Ordinal be changed to StringComparer.OrdinalIgnoreCase? HOT 2
- CorsMiddleware not rejecting invalid requests HOT 7
- Using a stricter CORS policy for just one controller HOT 3
- The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed HOT 14
- Remove duplicate header names and method constants HOT 1
- Should CORS be abandoned? HOT 1
- GET and POST requests from blocked origin still executed HOT 5
- EnableCors security and client application concerns HOT 9
- Exception, when origin is null in CorsPolicyExtensions.cs HOT 5
- THIS ISSUE TRACKER IS CLOSED - use the Home repo issue tracker
- Why Cors AddPolicy doesn't allow *.example.com ? HOT 2
- CORS Headers don't display in response HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cors.