Skip to content

Remove debug Access-Control-Allow-Credentials header from ListObjects#144

Open
G4brym wants to merge 1 commit intomainfrom
fix/remove-debug-header-in-list-objects
Open

Remove debug Access-Control-Allow-Credentials header from ListObjects#144
G4brym wants to merge 1 commit intomainfrom
fix/remove-debug-header-in-list-objects

Conversation

@G4brym
Copy link
Owner

@G4brym G4brym commented Mar 7, 2026

Summary

  • Removes the line c.header("Access-Control-Allow-Credentials", "asads") from the ListObjects handler in packages/worker/src/modules/buckets/listObjects.ts
  • The value "asads" is not a valid value for this header (the only valid value is "true") and appears to be a debug/test leftover
  • CORS is already properly handled by the hono cors() middleware when enabled via the cors config option in src/index.ts

Why

This stray header sets an invalid value that browsers will ignore, but it's unnecessary noise in HTTP responses and could cause confusion when debugging CORS-related issues.

🤖 Generated with Claude Code

@G4brym @claude
Remove debug Access-Control-Allow-Credentials header from listObjects
d863a1e 
The `c.header("Access-Control-Allow-Credentials", "asads")` line in the
ListObjects handler sets an invalid value for the header (valid values
are "true" or the header should be omitted). This appears to be a debug
leftover. CORS is already properly handled by the hono cors() middleware
when enabled via config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Mar 7, 2026

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs		 r2-explorer-docs d863a1e Commit Preview URL

Branch Preview URL		 Mar 07 2026, 04:45 PM

@G4brym
Copy link
Owner Author

G4brym commented Mar 7, 2026

Automated Code Review — APPROVED ✅

Review Scores: 5/5 reviewers approved

Summary

Reviewed the removal of a debug Access-Control-Allow-Credentials: asads header from the ListObjects handler. This is a clean, safe removal of a leftover debug line with an invalid header value. CORS is properly handled by hono's cors() middleware.

Review Perspectives

  1. Correctness: ✅ The removed header had an invalid value ("asads" instead of "true"); browsers ignore it. No functional behavior changes.
  2. Security: ✅ Minor hygiene improvement — removes unnecessary header noise. No new attack surface.
  3. Performance: ✅ One fewer header set per request (negligible but positive).
  4. Code Quality: ✅ Clean removal of debug leftover. Focused, minimal change.
  5. Testing: ✅ No new functionality; existing tests unaffected. The invalid header was not relied upon by any client.

No issues found. Clean PR.

🤖 Automated review by prodboard

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@G4brym