Skip to content
This repository has been archived by the owner on May 6, 2020. It is now read-only.

CORS checks need to use the redirected URL #90

Open
ithinkihaveacat opened this issue Oct 25, 2018 · 0 comments
Open

CORS checks need to use the redirected URL #90

ithinkihaveacat opened this issue Oct 25, 2018 · 0 comments

Comments

@ithinkihaveacat
Copy link
Collaborator

A URL like https://cnn.com/ampstories/us/who-is-sandra-day-oconnor is actually redirected to https://www.cnn.com/ampstories/us/who-is-sandra-day-oconnor. The CORS checks need to be use the redirected URL, not the original URL.

Actual:

# returns 401
curl -i -H 'origin: https://cnn-com.cdn.ampproject.org' 'https://stamps.cnn.io/api/related?storyId=5bcf38eb4db3d70020c01c4f&__amp_source_origin=https%3A%2F%2Fcnn.com'

Expected:

# returns 200
curl -i -H 'origin: https://www-cnn-com.cdn.ampproject.org' 'https://stamps.cnn.io/api/related?storyId=5bcf38eb4db3d70020c01c4f&__amp_source_origin=https%3A%2F%2Fwww.cnn.com'
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ithinkihaveacat