Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS policy not applied #950

Open
dimitri-correia opened this issue Nov 2, 2024 · 4 comments
Open

CORS policy not applied #950

dimitri-correia opened this issue Nov 2, 2024 · 4 comments
Milestone
0.14.0

Comments

@dimitri-correia
Copy link

Description

I attempted to use a Dioxus frontend with Loco as my backend, but the CORS policy I've configured doesn't seem to be working correctly.

When making a fetch request from my frontend at 'http://localhost:8080' to my Loco backend at 'http://localhost:5150/api/register', I receive the following error:

Access to fetch at 'http://localhost:5150/api/register' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Even though I have configured the CORS settings in my configuration file to prevent CORS issues, it appears they are not being applied:

middlewares:
  cors:
    enable: true
    allow_origins:
      - http://localhost:8080
    allow_headers:
      - Content-Type
    allow_methods:
      - POST

When I check the middleware settings with the cargo loco middleware --config command, the output indicates that the configuration should work:

cors {"allow_headers":["Content-Type"],"allow_methods":["POST"],"allow_origins":["http://localhost:8080"],"enable":true,"max_age":null,"vary":["origin","access-control-request-method","access-control-request-headers"]}

Steps to Reproduce

  1. Configure the middleware with the following settings: 
    middlewares:
  cors:
    enable: true
    allow_origins:
      - http://localhost:8080
    allow_headers:
      - Content-Type
    allow_methods:
      - POST
  2. Attempt to make a request from another server running on http://localhost:8080.

Expected Behavior

The server should apply the CORS policy, allowing the request from the specified origin and responding appropriately.
@ndtoan96
Copy link
Contributor

ndtoan96 commented Nov 3, 2024

I got the same problem. After playing around, the issue seems to be that loco server only returns Access-Control-Allow-Origin for the POST request, but not for OPTIONS (prelight) request.

@AngelOnFira
Copy link

This is similar to #934, I'm going to see if I can make a PR to close both.

@AngelOnFira AngelOnFira mentioned this issue Nov 4, 2024
Closed
@jondot jondot added this to the 0.13.1 milestone Nov 20, 2024
@jondot
Copy link
Contributor

jondot commented Nov 22, 2024

seems latest version does reply with correct headers on preflight check:

e553e23

is this still happening in recent version?

@jondot jondot mentioned this issue Nov 22, 2024
Merged
@jondot jondot modified the milestones: 0.13.1, 0.14.0 Nov 22, 2024
@jondot
Copy link
Contributor

jondot commented Nov 22, 2024

per #1009 i've moved this to 0.14.0 for now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.14.0
Development

No branches or pull requests
4 participants
@jondot @AngelOnFira @ndtoan96 @dimitri-correia