Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

Maxim Dounin
January 17, 2020 07:00AM
Hello!

On Thu, Jan 16, 2020 at 12:24:54PM -0700, Sampson Crowley wrote:

> the fact is that CORS is part of the whatwg spec, endpoint consumers don't
> differentiate what section of the spec it's a part of, and requiring
> credentials on a preflight request is against the spec, so no, it's not
> compliant. https://bugzilla.mozilla.org/show_bug.cgi?id=1019603#c9

There is more than one spec in the world, and being complaint to
one of them can easily mean being non-complaint to another one.
The word "complaint" means nothing unless it specifies complaint
to what.

And no, requiring credentials on all requests doesn't mean that
nginx with "ssl_verify_client on;" isn't complaint with the CORS
spec. This behaviour might be perfectly complaint, for example,
if no preflight requests are expected on the server.

Anyway, thank you for the patch. It was considered and it won't
be committed. If you want to allow preflight requests while using
SSL certificate verification, consider using "ssl_verify_client
optional;" with appropriate checks during request processing.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] Add "compliant" option to ssl_verify_client for CORS support

Anonymous User 315 January 15, 2020 03:52PM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

Maxim Dounin 177 January 16, 2020 07:10AM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

sampson@downundersports.com 172 January 16, 2020 10:20AM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

sampson@downundersports.com 185 January 16, 2020 10:40AM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

Maxim Dounin 135 January 16, 2020 01:12PM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

sampson@downundersports.com 166 January 16, 2020 02:26PM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

sampson@downundersports.com 187 January 16, 2020 02:44PM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

Maxim Dounin 129 January 17, 2020 06:54AM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

sampson@downundersports.com 218 January 17, 2020 11:54AM

Re: [PATCH] Add "compliant" option to ssl_verify_client for CORS support

Maxim Dounin 133 January 17, 2020 07:00AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 115
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready