add fixme comment related to cache and allow: * in cors requests

2025-12-23 06:09:59 +00:00 · 2025-07-31 16:38:48 +03:00
parent 1474af4845
commit b62f847ffa
1 changed files with 2 additions and 0 deletions
--- a/proxy/src/serverless/rest.rs
+++ b/proxy/src/serverless/rest.rs
@@ -754,6 +754,8 @@ fn apply_common_cors_headers(
                None
            }
        }
+        // FIXME!: on the first request, when we don't have a cached entry for the config,
+        // allowed_origins is None, so we allow all origins for now but we should fix this
        (Some(_), None) => Some(HEADER_VALUE_ALLOW_ALL_ORIGINS),
        _ => None,
    };