From 162691ac2beb59bdd58ca449f8ae946d8ea3011c Mon Sep 17 00:00:00 2001
From: Daijiro Fukuda <fukuda@clear-code.com>
Date: Wed, 26 Mar 2025 13:39:41 +0900
Subject: [PATCH] in_http: add changes for cors_allow_origins on v1.19.0

https://github.com/fluent/fluentd/pull/4866

Signed-off-by: Daijiro Fukuda <fukuda@clear-code.com>
---
 input/http.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/input/http.md b/input/http.md
index 0179380b..5eea3780 100644
--- a/input/http.md
+++ b/input/http.md
@@ -161,6 +161,9 @@ Whitelist domains for CORS.
 
 If you set `["domain1", "domain2"]` to `cors_allow_origins`, `in_http` returns `403` to access from other domains. Since Fluentd v1.2.6, you can use a wildcard character `*` to allow requests from any origins.
 
+Since v1.19.0, Fluentd allows empty `Origin` header requests to prevent rejection of non-cross-origin requests or requests from non-browser clients such as apps or scripts.
+Before v1.19.0, you need to include `nil` or `*` to allow empty `Origin` header requests.
+
 Example:
 
 ```text