Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

req.origin should display the origin header if it exists, not the current hostname #1008

Open
jonathanong opened this issue Jun 23, 2017 · 15 comments
Open

req.origin should display the origin header if it exists, not the current hostname #1008

jonathanong opened this issue Jun 23, 2017 · 15 comments
Labels
help wanted version-major
Milestone
v3.0.0

Comments

@jonathanong
Copy link
Member

koa/lib/request.js

Line 95 in aaac09a

return `${this.protocol}:https://${this.host}`;

what do you all think? this would be a breaking change
@fengmk2
Copy link
Member

fengmk2 commented Jun 24, 2017

origin header should use request.get('origin') better than request.origin.

@fl0w
Copy link
Contributor

fl0w commented Jun 24, 2017

I think this would be a good change, request.origin isn't used by us for this reason. I think most plugins/users behind a proxy in need of origin get it via request.get anyway. E.g. https://github.com/koajs/cors/blob/master/index.js#L46

@fl0w
Copy link
Contributor

fl0w commented Jun 24, 2017
edited
Loading

If this is done (thus semver-major bump), maybe consider other #904, and dropping https://github.com/koajs/koa/blob/master/lib/application.js#L107?

@jonathanong if you'd like to proceed with a new version, maybe create a v3 milestone as "todos"?

edit oh, the milestone already existed!

@jonathanong jonathanong added this to the v3.0.0 milestone Jun 25, 2017
@jonathanong
Copy link
Member Author

👍

@fl0w
Copy link
Contributor

fl0w commented Jun 25, 2017

What's the expected behaviour here?

if header.origin:
  return header.origin
else
  return this.protocol + this.host // current behaviour

@iyuq
Copy link
Contributor

iyuq commented Jun 26, 2017

Don't agree with return header.origin when exist, else return protocol + host, For header.origin is mostly used for CORS. I think should return header.origindirectly.

@dead-horse dead-horse mentioned this issue Dec 24, 2017
Closed
@broofa
Copy link

broofa commented Oct 25, 2018
edited
Loading

origin should reflect exactly-and-only what exists in the request. Special casing the behavior will be confusing and unexpected, especially when proxies/load balancers/VPNs start getting involved.

@qwelias
Copy link

qwelias commented Apr 17, 2019

Yeah, it was very confusing to me, had to fallback to request.get('origin')

@pke
Copy link

pke commented Nov 15, 2019

So let me try to understand that. If I want to compose links in my response, that the client can directly follow I have to use the origin header? Is it always guaranteed to be set?

@cleverboy32
Copy link

why i use baseURl 127.0.0.1:port/xxxxxxxx in ssr get data, get hostname is { localhost: port } just equal the url ..........

@trainto trainto mentioned this issue Jul 24, 2020
Closed
@trainto
Copy link

trainto commented Jul 24, 2020

Don't agree with return header.origin when exist, else return protocol + host, For header.origin is mostly used for CORS. I think should return header.origindirectly.

I agree. origin just should indicate where a fetch originates from. Not the host to which the request is being sent.

@Banou26
Copy link

Banou26 commented Aug 30, 2021

How is this still not fixed, it's such a little change...

@willmac997
Copy link

This is a problem for me to

@siakc
Copy link

siakc commented Dec 22, 2023

It is a trivial change why help is wanted? May I help?

@MarcGodard
Copy link

@siakc please help... this is above my ability, but also need this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted version-major
Projects
None yet
Milestone
v3.0.0
Development

No branches or pull requests