Rules Hub
Coding Rules Library
← Back to all rules
Rule priority, scope & exceptions
Use this to align rules with the senior-level structure (P0/P1/P2, scope, exceptions/tradeoffs).
backend ruleP1stack specificStack: node
corscachinghttpvary
Include Origin in the Vary header for cached CORS responses
When CORS responses can be cached, add Origin to Vary so a response for one origin isn't served to another.
PR: hegnar-web · org-mining-hist-2026-06Created: Jun 19, 2026
Bad example
Old codetypescript
| 1 | res.setHeader('Vary', 'fa-app'); |
| 2 | res.setHeader('Access-Control-Allow-Origin', origin); |
Explanation (EN)
Objašnjenje (HR)
Good example
New codetypescript
| 1 | res.setHeader('Vary', 'fa-app, Origin'); |
| 2 | res.setHeader('Access-Control-Allow-Origin', origin); |
Explanation (EN)
Objašnjenje (HR)