Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding CORS header on preflight request #80

Merged
merged 2 commits into from
Mar 12, 2024
Merged

Adding CORS header on preflight request #80

merged 2 commits into from
Mar 12, 2024

Conversation

likp
Copy link
Contributor

@likp likp commented Mar 5, 2024

Added a middleware to handle options request

@likp likp linked an issue Mar 5, 2024 that may be closed by this pull request
Fix CORS #45
Closed
@likp likp requested a review from MikaelNordberg March 5, 2024 13:10
@likp likp marked this pull request as ready for review March 5, 2024 13:10
@likp likp requested review from runejo and JohannesFinsveen March 5, 2024 13:10
MikaelNordberg
MikaelNordberg approved these changes Mar 6, 2024
View reviewed changes
Copy link
Contributor

@MikaelNordberg MikaelNordberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@runejo
Copy link
Contributor

runejo commented Mar 8, 2024
edited
Loading

Hi!
I have tried to verify this, but i can't trigger the new code. Could you the post the curl example?
This is what i tried

curl -I -X OPTIONS -H "Origin: http://localhost:3000" "http://localhost:43071/api/v2/tables/TAB004/data?outputFormat=json-stat2"

HTTP/1.1 405 Method Not Allowed
Date: Fri, 08 Mar 2024 15:31:06 GMT
Server: Kestrel
Access-Control-Allow-Origin: *
Allow: GET, POST
Transfer-Encoding: chunked

I'm also starting to wonder if we where testing it the wrong way. Looking at the browser requests it should be more like this

curl -I -X OPTIONS -H "Origin: http://localhost:3000" -H 'Access-Control-Request-Method: POST' -H "Access-Control-Request-Headers: Content-Type" "http://localhost:43071/api/v2/tables/TAB004/data?outputFormat=json-stat2"

HTTP/1.1 204 No Content
Date: Fri, 08 Mar 2024 15:38:23 GMT
Server: Kestrel
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *

This already works on the main branch, but I had to add these two lines

Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST

.. to remove this error I saw in Chrome when testing agains our deployed version

Access to fetch at 'https://pxapi2.staging-bip-app.ssb.no/api/v2/tables/TAB004/data?outputFormat=json-stat2' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

@likp
Copy link
Contributor Author

likp commented Mar 11, 2024

@runejo good catch! The middleware worked fine in my test project but it did not i the PxWebApi 2.0 project instead it throw an exception. I have written a fix for it and now the curl query above should work.

@runejo
Copy link
Contributor

runejo commented Mar 11, 2024

Yes now it works 👍

curl -I -X OPTIONS -H "Origin: http://localhost:3000" "https://localhost:5001/api/v2/tables/TAB004/data?outputFormat=json-stat2"

HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 15:16:30 GMT
Server: Kestrel
Access-Control-Allow-Origin: *
Allow: GET, POST, OPTIONS
Transfer-Encoding: chunked

@likp likp merged commit 06b7f34 into main Mar 12, 2024
4 checks passed
@likp likp deleted the fix/options branch March 12, 2024 09:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MikaelNordberg MikaelNordberg MikaelNordberg approved these changes

@runejo runejo runejo approved these changes

@JohannesFinsveen JohannesFinsveen Awaiting requested review from JohannesFinsveen JohannesFinsveen is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix CORS
3 participants
@likp @runejo @MikaelNordberg