From 3b93de6898523f77ec153b274e885992495c3593 Mon Sep 17 00:00:00 2001 From: Pavel Kolesnikov Date: Thu, 8 Dec 2016 13:03:10 -0800 Subject: [PATCH 1/2] Proxy rewrites Origin header to match the target server URL --- packages/react-scripts/scripts/start.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/react-scripts/scripts/start.js b/packages/react-scripts/scripts/start.js index 752bd8a08a8..a9755708000 100644 --- a/packages/react-scripts/scripts/start.js +++ b/packages/react-scripts/scripts/start.js @@ -201,6 +201,11 @@ function addMiddleware(devServer) { var hpm = httpProxyMiddleware(pathname => mayProxy.test(pathname), { target: proxy, logLevel: 'silent', + onProxyReq: function(proxyReq, req, res) { + if (proxyReq.getHeader('origin')) { + proxyReq.setHeader('origin', proxy); + } + }, onError: onProxyError(proxy), secure: false, changeOrigin: true, From d939156dcd712f3acf2427e0ed919abe1f9fc08e Mon Sep 17 00:00:00 2001 From: Pavel Kolesnikov Date: Fri, 9 Dec 2016 07:29:42 -0800 Subject: [PATCH 2/2] Added comments on rewriting Origin header by the proxy middleware --- packages/react-scripts/scripts/start.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/react-scripts/scripts/start.js b/packages/react-scripts/scripts/start.js index a9755708000..3e71e2de886 100644 --- a/packages/react-scripts/scripts/start.js +++ b/packages/react-scripts/scripts/start.js @@ -202,6 +202,9 @@ function addMiddleware(devServer) { target: proxy, logLevel: 'silent', onProxyReq: function(proxyReq, req, res) { + // Browers may send Origin headers even with same-origin + // requests. To prevent CORS issues, we have to change + // the Origin to match the target URL. if (proxyReq.getHeader('origin')) { proxyReq.setHeader('origin', proxy); }