Skip to content

security: improve clarity of CORS docstrings

Administrator requested to merge sg/public-api-refactor-3 into main

Created by: slimsag

Stacked on top of #27297

In particular, the wildcard handling comment here was incomplete and did not clarify how a request with Origin: * would actually end up at Sourcegraph (after all, browsers would send a URL not *.) We've had regressions here in the past, e.g. one I fixed almost 3 years ago in 92c706d85813a7e03a7ddfe55ab7f218ed4ca38a

So generally improve the clarity of these docstrings and explain what is going on.

Signed-off-by: Stephen Gutekanst [email protected]

Merge request reports

Loading