Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proxy rewrites Origin header to match the target server URL #1212

Merged
merged 2 commits into from
Dec 11, 2016

Conversation

koles
Copy link
Contributor

@koles koles commented Dec 8, 2016

The new proxy option introduced in #282 works well for GET requests but many browsers send Origin headers with same-origin POST/PUT/DELETE requests.

This pull request makes the http-proxy-middleware to overwrite the original Origin header (if set) to match the target server URL.

@facebook-github-bot
Copy link

Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla - and if you have received this in error or have any questions, please drop us a line at cla@fb.com. Thanks!

If you are contributing on behalf of someone else (eg your employer): the individual CLA is not sufficient - use https://developers.facebook.com/opensource/cla?type=company instead. Contact cla@fb.com if you have any questions.

@facebook-github-bot
Copy link

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks!

@gaearon
Copy link
Contributor

gaearon commented Dec 9, 2016

Could you please explain how to verify this works? Maybe you could create an example
app on top of which I could test this change?

@koles
Copy link
Contributor Author

koles commented Dec 9, 2016

See https://github.com/koles/react-scripts-pr-1212

The app POSTs a dummy authentication payload to a web service specified in the "proxy" attribute of the package.json file and displays the result, see https://github.com/koles/react-scripts-pr-1212/blob/master/src/App.js for details.

Before applying the patch (using react-scripts 0.8.3):
Service responds with status 403 (Cross origin requests not allowed).

After:
Service responds with status 401 (Bad Login or Password!) - clearly the request was accepted and processed.

@gaearon
Copy link
Contributor

gaearon commented Dec 9, 2016

Could you also add a comment to the source code please?

@gaearon gaearon added this to the 0.8.4 milestone Dec 9, 2016
@koles
Copy link
Contributor Author

koles commented Dec 9, 2016

Done.

@koles koles closed this Dec 9, 2016
@koles koles reopened this Dec 9, 2016
@gaearon gaearon merged commit 9d42ffa into facebook:master Dec 11, 2016
@gaearon
Copy link
Contributor

gaearon commented Dec 11, 2016

Thanks!

@gaearon gaearon mentioned this pull request Dec 11, 2016
@gaearon
Copy link
Contributor

gaearon commented Dec 11, 2016

Should be fixed in react-scripts@0.8.4. Please verify.
https://github.com/facebookincubator/create-react-app/releases/tag/v0.8.4

alexdriaguine pushed a commit to alexdriaguine/create-react-app that referenced this pull request Jan 23, 2017
…#1212)

* Proxy rewrites Origin header to match the target server URL

* Added comments on rewriting Origin header by the proxy middleware
randycoulman pushed a commit to CodingZeal/create-react-app that referenced this pull request May 8, 2017
…#1212)

* Proxy rewrites Origin header to match the target server URL

* Added comments on rewriting Origin header by the proxy middleware
@lock lock bot locked and limited conversation to collaborators Jan 21, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants