Ruud@lemmy.worldM to Lemmy.World Announcements@lemmy.world · edit-21 year agoLemmy.world updated to 0.18.1message-squaremessage-square7fedilinkarrow-up12arrow-down10file-text
arrow-up12arrow-down1message-squareLemmy.world updated to 0.18.1Ruud@lemmy.worldM to Lemmy.World Announcements@lemmy.world · edit-21 year agomessage-square7fedilinkfile-text
We’ve updated Lemmy.world to Lemmy 0.18.1. For the release notes, see https://lemmy.world/post/1139237
minus-squareNato Boram@lemmy.worldlinkfedilinkarrow-up1·1 year agoHi! I noticed an issue with the headers sent by Lemmy.world. Headers sent from and to this website’s official UI look like this: HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Fri, 07 Jul 2023 23:35:17 GMT content-type: application/json vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-encoding: gzip access-control-allow-origin: * access-control-allow-methods: GET, POST, PUT, OPTIONS access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range access-control-expose-headers: content-encoding, content-type, vary, Content-Length,Content-Range X-Firefox-Spdy: h2 Which is fine. However, headers received by custom clients look like this: HTTP/2 200 OK server: nginx/1.18.0 (Ubuntu) date: Fri, 07 Jul 2023 23:33:50 GMT content-type: application/json vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-encoding: gzip access-control-allow-origin: https://natoboram.github.io access-control-expose-headers: content-encoding, access-control-allow-origin, content-type, vary access-control-allow-origin: * access-control-allow-methods: GET, POST, PUT, OPTIONS access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range access-control-expose-headers: Content-Length,Content-Range X-Firefox-Spdy: h2 There’s two access-control-allow-origin! This still breaks web clients.
Hi! I noticed an issue with the headers sent by Lemmy.world.
Headers sent from and to this website’s official UI look like this:
HTTP/1.1 200 OK server: nginx/1.18.0 (Ubuntu) date: Fri, 07 Jul 2023 23:35:17 GMT content-type: application/json vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-encoding: gzip access-control-allow-origin: * access-control-allow-methods: GET, POST, PUT, OPTIONS access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range access-control-expose-headers: content-encoding, content-type, vary, Content-Length,Content-Range X-Firefox-Spdy: h2
Which is fine. However, headers received by custom clients look like this:
HTTP/2 200 OK server: nginx/1.18.0 (Ubuntu) date: Fri, 07 Jul 2023 23:33:50 GMT content-type: application/json vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers content-encoding: gzip access-control-allow-origin: https://natoboram.github.io access-control-expose-headers: content-encoding, access-control-allow-origin, content-type, vary access-control-allow-origin: * access-control-allow-methods: GET, POST, PUT, OPTIONS access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range access-control-expose-headers: Content-Length,Content-Range X-Firefox-Spdy: h2
There’s two
access-control-allow-origin
! This still breaks web clients.