Fix/proxy cors

[bdmendes]

Closes #158

Review checklist

• Contains enough appropriate tests
• Behavior is as expected
• Clean, well-structured code

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (fa4e2be) 95.38% compared to head (4e5ffdc) 95.38%.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop     #215   +/-   ##
========================================
  Coverage    95.38%   95.38%           
========================================
  Files           16       16           
  Lines          130      130           
  Branches        18       18           
========================================
  Hits           124      124           
  Misses           6        6           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[limwa]

LGTM 🚀
Left a comment, but it's just a question and not really a request for changes!

[limwa]

Is adding CONNECT and TRACE as well worth it?

[bdmendes]

Do not think so, they are not the type of requests we would do to the server via the frontend

[limwa]

Also, I know that it is out of the scope of this PR but won't this line (https://github.com/NIAEFEUP/website-niaefeup-frontend/pull/215/files#diff-4bcda89884a979801f8a542290893a21e5213fc48218ec305b5434ef11e70ddaR6) cause an error when the request body is, for instance, an image?

[limwa]

Sorry, I just noticed that HEAD and OPTIONS requests don't have a body. Line 6 of +server.ts should be changed accordingly. I also left another suggestion so let me know what you think.

[limwa]

I think the Origin header is automatically added by browsers when fetch is called, so it shouldn't be necessary.

[bdmendes]

It is, it's just a way to make sure it is there. I'm not sure how could we have a cors problem otherwise.

[limwa]

I think the cors problem was because OPTIONS requests (used by CORS) weren't being proxied to the backend. I'll approve either way.

[bdmendes]

Also, I know that it is out of the scope of this PR but won't this line (https://github.com/NIAEFEUP/website-niaefeup-frontend/pull/215/files#diff-4bcda89884a979801f8a542290893a21e5213fc48218ec305b5434ef11e70ddaR6) cause an error when the request body is, for instance, an image?

I am not sure that it would cause an error (did a quick search and the docs do not appear to mention that), maybe it will simply be a utf-8 string representation of the bytes.
I do agree that that may not be the best way to handle those cases, feel free to open an issue about that.

[limwa]

LGTM 🚀

[limwa]

Also, I know that it is out of the scope of this PR but won't this line (https://github.com/NIAEFEUP/website-niaefeup-frontend/pull/215/files#diff-4bcda89884a979801f8a542290893a21e5213fc48218ec305b5434ef11e70ddaR6) cause an error when the request body is, for instance, an image?

I am not sure that it would cause an error (did a quick search and the docs do not appear to mention that), maybe it will simply be a utf-8 string representation of the bytes. I do agree that that may not be the best way to handle those cases, feel free to open an issue about that.

From my testing, you're right, it doesn't error. However, it still means we won't be able to upload images (or other binary formats) properly to our backend. I'll open the issue.

[BrunoRosendo]

I can't test because of this error:

Error: Invalid export 'HEAD' in src/routes/api/[...endpoint]/+server.ts (valid exports are GET, POST, PATCH, PUT, DELETE, OPTIONS, prerender, trailingSlash, config, or anything with a '_' prefix)

Did you encounter it?

[limwa]

I can't test because of this error:

Error: Invalid export 'HEAD' in src/routes/api/[...endpoint]/+server.ts (valid exports are GET, POST, PATCH, PUT, DELETE, OPTIONS, prerender, trailingSlash, config, or anything with a '_' prefix)

Did you encounter it?

That issue has been fixed in SvelteKit v1.22.0 (https://github.com/sveltejs/kit/blob/master/packages/kit/CHANGELOG.md).

I just noticed that we are using the dependency "@sveltejs/kit" with the tag "next". As per this page, that will resolve to version "1.0.0-next.589". We might want to change the tag in the package.json file to "latest" or something else as that version is very outdated (7 months old).

[BrunoRosendo]

lgtm, the issue should be solved after bumping sveltekit version