Open
Description
Discussed in #1823
Originally posted by gyusang August 26, 2022
When sending a CORS request with credentials, wildcard origin is rejected by the standard.
The CORS middleware handles this case when cookies are included, but is missing the case when Authorization
header is present.
starlette/starlette/middleware/cors.py
Lines 164 to 165 in 31164e3
Since Token authentication is also widely used these days, I believe explicit header should be returned when
Authorization
header is present.Important
- We're using Polar.sh so you can upvote and help fund this issue.
- We receive the funding once the issue is completed & confirmed by you.
- Thank you in advance for helping prioritize & fund our backlog.