client: client specific CORS settings #957

Closed
ayZagen opened this issue Jul 31, 2018 · 6 comments

ayZagen commented Jul 31, 2018

It would be great to have the ability to set client specific allowed origins.

Member

aeneasr commented Aug 1, 2018

Please provide more context:

  • Which endpoints should be affected?
  • What's the use case?
  • Does this exist in the wild, and if so, where?

Thank you!

Author

ayZagen commented Aug 1, 2018

Taken from Auth0

Allowed Origins are URLs that will be allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if you need to. You can specify multiple valid URLs by comma-separating them or one by line, and also use wildcards at the subdomain level (e.g.: https://*.contoso.com). Notice that querystrings and hash information are not taken into account when validating these URLs.

Member

aeneasr commented Aug 1, 2018

Right, but in this case this would be only the /oauth2/token and /oauth2/revoke endpoints, as all other endpoints do not have a concept of request ownership. Does that cover your use case?

Author

ayZagen commented Aug 1, 2018

Also /oauth2/auth ?

Member

aeneasr commented Aug 2, 2018

That endpoint is only accessed by the user through the browser directly, no CORS needed here.
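
Added example, not part of the thread and not Hydra's implementation or the change in #1009: one way to write the per-client origin check discussed above for /oauth2/token and /oauth2/revoke, in Go. The registry, the function names, the sample origins and the rule that `*.` matches exactly one subdomain label are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed registry: client ID -> allowed origins (not Hydra's data model).
var clientOrigins = map[string][]string{
	"spa": {"https://app.example.com", "https://*.contoso.com"},
}

// originAllowed compares scheme and host[:port] only. Assumptions: patterns are
// scheme://host[:port], and a leading "*." matches exactly one subdomain label.
func originAllowed(origin string, patterns []string) bool {
	o, err := url.Parse(origin)
	if err != nil || o.Host == "" {
		return false
	}
	host := strings.ToLower(o.Host)
	for _, p := range patterns {
		parts := strings.SplitN(strings.ToLower(p), "://", 2)
		if len(parts) != 2 || parts[0] != o.Scheme {
			continue
		}
		// For "*.contoso.com", label is what precedes ".contoso.com" in host.
		label := strings.TrimSuffix(host, strings.TrimPrefix(parts[1], "*"))
		wild := strings.HasPrefix(parts[1], "*.")
		if parts[1] == host || (wild && label != host && label != "" && !strings.Contains(label, ".")) {
			return true
		}
	}
	return false
}

// allowOrigin returns the Access-Control-Allow-Origin value, or "" to send none.
// clientID is the client the request belongs to (e.g. from r.BasicAuth()).
func allowOrigin(clientID, origin string) string {
	if originAllowed(origin, clientOrigins[clientID]) {
		return origin
	}
	return ""
}

func main() {
	for _, o := range []string{"https://a.contoso.com", "https://contoso.com.attacker.example"} {
		fmt.Printf("spa %s -> %q\n", o, allowOrigin("spa", o))
	}
}
```

The matched origin is echoed back rather than `*`, so a response using it should also carry `Vary: Origin` to keep caches from serving one origin's headers to another.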

aeneasr changed the title from "[Feature Request] Client specific CORS settings" to "client: client specific CORS settings" on Aug 6, 2018

aeneasr added this to the unplanned milestone on Aug 6, 2018

aeneasr modified the milestones: unplanned, v1.0.0-rc.1 on Aug 21, 2018

Member

aeneasr commented Aug 27, 2018

Closed by #1009
