Add Authorization header when CORS flag is set #1467

Closed
wants to merge 2 commits into from

Conversation

jameslittle230

This PR adds the Access-Control-Allow-Headers flag when CORS mode is enabled.

This would fix simonw/datasette-auth-tokens#4. When making cross-origin requests, the server must respond with all allowable HTTP headers. A Datasette instance using auth tokens must accept the Authorization HTTP header in order for cross-origin authenticated requests to take place.

Please let me know if there's a better way of doing this! I couldn't figure out a way to change the app's response from the plugin itself, so I'm starting here. If you'd rather this logic live in the plugin, I'd love any guidance you're able to give.

@simonw
Owner

simonw commented Oct 14, 2021

This looks like a good fix to me.

@simonw
Owner

simonw commented Oct 14, 2021

The test there failed because it turns out there's a whole bunch of places that set the Access-Control-Allow-Origin header. I'm going to close this PR and ship a fix that refactors those places to use the same code.
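
The preflight behaviour discussed in this thread, as an added example that is not part of the PR or of Datasette's own code: a simplified model of how a browser decides whether a cross-origin request may carry the Authorization header, and why the CORS headers are best built in one place. The helper names `cors_headers` and `preflight_allows` are hypothetical, and the origin check is reduced to "the header is present".

```python
# Added example (not Datasette code): a simplified model of the browser's
# CORS preflight decision for non-credentialed requests, per the Fetch spec.

# Request headers a browser may send cross-origin without a preflight.
# (Content-Type is safelisted only for some values, so it is left out here.)
SAFELISTED = {"accept", "accept-language", "content-language"}


def cors_headers(allow_authorization):
    """Hypothetical shared helper: every response path calls this, so the
    CORS headers cannot drift apart between views."""
    headers = {"Access-Control-Allow-Origin": "*"}
    if allow_authorization:
        headers["Access-Control-Allow-Headers"] = "Authorization"
    return headers


def preflight_allows(response_headers, request_header_names):
    """Return (ok, blocked): whether the preflight response permits the
    request headers, and which lower-cased names the browser would refuse."""
    lower = {k.lower(): v for k, v in response_headers.items()}
    requested = [name.lower() for name in request_header_names]
    if "access-control-allow-origin" not in lower:
        return False, requested  # no CORS at all: everything is blocked
    raw = lower.get("access-control-allow-headers", "")
    allowed = {h.strip().lower() for h in raw.split(",") if h.strip()}
    blocked = []
    for name in requested:
        if name in SAFELISTED or name in allowed:
            continue
        # "*" covers other headers, but never Authorization: it must be
        # listed by name.
        if "*" in allowed and name != "authorization":
            continue
        blocked.append(name)
    return not blocked, blocked


if __name__ == "__main__":
    # Constructed cases: before the fix, after the fix, and a wildcard policy.
    cases = {
        "origin only": cors_headers(False),
        "with Authorization": cors_headers(True),
        "wildcard headers": {**cors_headers(False), "Access-Control-Allow-Headers": "*"},
    }
    for label, headers in cases.items():
        print(label, preflight_allows(headers, ["Authorization", "X-Requested-With"]))
```

Listing Authorization by name is the narrowest policy that unblocks token-authenticated requests; a wildcard in Access-Control-Allow-Headers would not cover it.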

@simonw simonw closed this Oct 14, 2021
simonw added a commit that referenced this pull request Oct 14, 2021
simonw added a commit that referenced this pull request Oct 14, 2021
@jameslittle230
Author

Yay! Thank you @simonw!!

simonw added a commit that referenced this pull request Oct 24, 2021
simonw added a commit that referenced this pull request Oct 24, 2021
Development

Successfully merging this pull request may close these issues.

Running Datasette with --cors doesn't allow Authorization header to be passed in