Add option to scan even if no origin header was present.
- Corsair_scan version: 0.2.0
- Python version: 3.7
- Operating System: Pop!_OS
Description
Some CORS setups may only respond with CORS headers if the request’s Origin header was accepted/allow-listed.
However, the current functionality only continues to scan if the server responded with a CORS header for the origin https://scarymonster.com.
It’d be great if the tool tried each of the CORS tests without this check, as this could miss some valid results.
Issue Analytics
- State:
- Created 2 years ago
- Comments:9
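The scenario the issue describes, as an added example that is not corsair_scan's code or part of the original thread: a constructed server that returns CORS headers only for origins it accepts, scanned once with a gate on the baseline origin and once with every test run independently. The target host, both policies, and the way the post/sub/pre-domain origins are derived are assumptions made for the illustration.

```python
# Added illustration, not corsair_scan's code. Hosts and policies are constructed.
TARGET = "https://app.example.test"
BASELINE = "https://scarymonster.com"  # arbitrary origin quoted in the issue
ACAO = "Access-Control-Allow-Origin"


def loose_policy(origin):
    """Constructed server: CORS headers only for origins it accepts.
    The suffix match on the host is the misconfiguration under test."""
    if origin and origin.endswith("app.example.test"):
        return {ACAO: origin, "Access-Control-Allow-Credentials": "true"}
    return {}  # rejected Origin: no CORS headers at all


def strict_policy(origin):
    """Corrected form: exact match against an allow-list."""
    return {ACAO: origin} if origin in {TARGET} else {}


def candidate_origins(target):
    """Assumed reading of the post/sub/pre-domain checks named in the thread."""
    scheme, host = target.split("://", 1)
    return {
        "post-domain": f"{scheme}://{host}.scarymonster.com",
        "sub-domain": f"{scheme}://scarymonster.{host}",
        "pre-domain": f"{scheme}://scarymonster{host}",
    }


def scan_each(target, respond):
    """Run every origin test on its own; report the ones reflected back."""
    return sorted(name for name, origin in candidate_origins(target).items()
                  if respond(origin).get(ACAO) == origin)


def scan_gated(target, respond):
    """Continue only if the baseline origin drew a CORS header."""
    if ACAO not in respond(BASELINE):
        return []
    return scan_each(target, respond)


if __name__ == "__main__":
    print("gated, loose   :", scan_gated(TARGET, loose_policy))
    print("ungated, loose :", scan_each(TARGET, loose_policy))
    print("ungated, strict:", scan_each(TARGET, strict_policy))
```

With the loose policy the gated scan reports nothing because the baseline origin is rejected, while the per-test scan flags the pre-domain and sub-domain origins; the exact-match policy clears both.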
Will do, and of course! I’m happy to implement both my suggestions, and I’ll send a PR once they’re done.
I would have bypassed creating the issues altogether and gone straight to PR originally, but wanted to get thoughts on the issue in the meantime until I finished my day’s work 😃
Hey, thanks for the tool!
Ah sorry, in my haste I misread the line I highlighted. In that case this issue can be closed, though it might also be useful to add the option to use the Host header in the post/sub/pre-domain checks in addition to the original request’s origin header. Do you agree?