Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running Datasette with --cors doesn't allow Authorization header to be passed in #4

Closed
jameslittle230 opened this issue Jun 3, 2021 · 3 comments
Closed

Running Datasette with --cors doesn't allow Authorization header to be passed in #4

jameslittle230 opened this issue Jun 3, 2021 · 3 comments
Labels
bug Something isn't working

Comments

@jameslittle230
Copy link

Hi Simon! I'm really enjoying Datasette so far. Wanted to ask about a small incompatibility with this plugin, and offer to submit a PR with some guidance.

Running Datasette with the --cors command line option sets the Access-Control-Allow-Origin header, as expected. However, when I use this plugin and pass in an Authorization header, my web browsers block the request because Datasette's response does not include a Access-Control-Allow-Headers header with a value that includes Authorization. This means the authorized request is blocked by the browser.

Is there a way that this plugin, when running in a Datasette instance instantiated with the --cors flag, could set the pages to return the Access-Control-Allow-Headers header as well?

Thanks!
James
@n0rdlicht
Copy link

Second this, ran across this exact issue today. Any way to enable Access-Control-Allow-Headers either with the --cors flag or via the datasette-cors plugin?

@jameslittle230 jameslittle230 mentioned this issue Sep 8, 2021
Closed
@simonw simonw added the bug Something isn't working label Oct 14, 2021
@simonw
Copy link
Owner

simonw commented Oct 14, 2021

Thanks for this, I'm going to merge your PR and release it as part of Datasette 0.59.

simonw added a commit to simonw/datasette that referenced this issue Oct 14, 2021
@simonw
--cors Access-Control-Allow-Headers: Authorization
8584993 
Refs #1467, refs simonw/datasette-auth-tokens#4
@simonw
Copy link
Owner

simonw commented Oct 14, 2021

Datasette 0.59 is now out and implements this change.

@simonw simonw closed this as completed Oct 14, 2021
simonw added a commit to simonw/datasette that referenced this issue Oct 24, 2021
@simonw
--cors Access-Control-Allow-Headers: Authorization
27f326b 
Refs #1467, refs simonw/datasette-auth-tokens#4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Authorization header when CORS flag is set jameslittle230/datasette
3 participants
@simonw @n0rdlicht @jameslittle230