Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bearer token auth CORS issue #137

Closed
michaelbromley opened this issue Aug 8, 2019 · 2 comments
Closed

Bearer token auth CORS issue #137

michaelbromley opened this issue Aug 8, 2019 · 2 comments
Assignees
@michaelbromley
Labels
type: bug 🐛 Something isn't working @vendure/core

Comments

@michaelbromley
Copy link
Member

michaelbromley commented Aug 8, 2019
edited
Loading

Describe the bug
When using the "bearer" auth method, the "vendure-auth-token" cannot be read from another origin since it is a non-standard header.

If you want clients to be able to access other headers, you have to use the Access-Control-Expose-Headers header. The value of this header is a comma-delimited list of response headers you want to expose to the client.

As it stands the server would have to be manually configured to allow the vendure token header to be read from another origin:

const config: VendureConfig = {
  // ...
  cors: {
    exposedHeaders: ['vendure-auth-token'],
  }
};

Expected behavior
This should not be something the developer needs to think about. It should be enabled by default if the "bearer" method is being used.

Care needs to be taken to not override any existing CORS options specified in the config.

Environment (please complete the following information):

  • @vendure/core version: 0.1.2-beta.11
@michaelbromley michaelbromley added type: bug 🐛 Something isn't working @vendure/core labels Aug 8, 2019
@michaelbromley michaelbromley self-assigned this Aug 8, 2019
@phuoymakara
Copy link

@michaelbromley I get errors when fetching data on another application and It may the error with cores. So, how can I do it in right way?

@michaelbromley
Copy link
Member Author

@phuoymakara For support requests, please join our Discord community: https://vendure.io/community

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelbromley michaelbromley

Labels
type: bug 🐛 Something isn't working @vendure/core
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michaelbromley @phuoymakara