Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

Maxim Dounin
January 17, 2020 07:00AM
Hello!

On Thu, Jan 16, 2020 at 12:24:54PM -0700, Sampson Crowley wrote:

> the fact is that CORS is part of the whatwg spec, endpoint consumers don't
> differentiate what section of the spec it's a part of, and requiring
> credentials on a preflight request is against the spec, so no, it's not
> compliant. https://bugzilla.mozilla.org/show_bug.cgi?id=1019603#c9

There is more than one spec in the world, and being compliant to
one of them can easily mean being non-compliant to another one.
The word "compliant" means nothing unless it specifies compliant
to what.

And no, requiring credentials on all requests doesn't mean that
nginx with "ssl_verify_client on;" isn't compliant with the CORS
spec. This behaviour might be perfectly compliant, for example,
if no preflight requests are expected on the server.

Anyway, thank you for the patch. It was considered and it won't
be committed. If you want to allow preflight requests while using
SSL certificate verification, consider using "ssl_verify_client
optional;" with appropriate checks during request processing.

--
Maxim Dounin
http://mdounin.ru/
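
One way to set up the "ssl_verify_client optional;" approach suggested in the reply above, shown as an added example that is not from the original message or from the nginx project. The host name, certificate paths, allowed origin, header values and upstream address are assumptions.

```nginx
# Added example: every path, name, origin and address below is an assumption.
server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate         /etc/nginx/tls/server.crt;
    ssl_certificate_key     /etc/nginx/tls/server.key;
    ssl_client_certificate  /etc/nginx/tls/client-ca.crt;

    # With "on", nginx rejects any request that arrives without a valid
    # client certificate, which includes a browser's OPTIONS preflight.
    # ssl_verify_client on;

    # With "optional", a certificate is requested but a request without
    # one is still processed, so enforcement moves into the checks below.
    ssl_verify_client optional;

    location / {
        # Preflight: answered by nginx itself with an empty 204, so an
        # unauthenticated client never reaches the upstream.
        if ($request_method = OPTIONS) {
            add_header Access-Control-Allow-Origin      "https://app.example.com";
            add_header Access-Control-Allow-Methods     "GET, POST, OPTIONS";
            add_header Access-Control-Allow-Headers     "Content-Type";
            add_header Access-Control-Allow-Credentials "true";
            add_header Access-Control-Max-Age           600;
            return 204;
        }

        # All other methods: $ssl_client_verify is SUCCESS, FAILED:<reason>
        # or NONE (no certificate sent). Only SUCCESS may continue.
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }

        # Pass the verified subject DN to the application for authorization.
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Because "optional" no longer enforces the certificate for the whole server, the `$ssl_client_verify` check has to be present in every location that serves protected content.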