Deadwood-ai / storage-server

Docker compose file for storage-server-as-code
GNU General Public License v3.0
0 stars 0 forks source link

Upload error due to CORS policy (multiple values in header) #2

Open JesJehle opened 3 months ago

JesJehle commented 3 months ago

Hi, wir hatten es ja bereits davon. Hier noch mal der Fehler:

https://data.deadtrees.earth/api/v1/datasets' from origin 'http://localhost:5173' has been blocked by CORS policy: 
Response to preflight request doesn't pass access control check: 
The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:5173, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Hier noch mal die codesanbox:

image
JesJehle commented 3 months ago

This is a successful response with proxy: image

Access_controll_origin: *

JesJehle commented 3 months ago

@mmaelicke I still getting CORS errors, not longer because of the two allow origin values but this:

Access to fetch at 'https://data.deadtrees.earth/api/v1/datasets' from origin 'http://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Could it be, thatCORSMiddleware alllowed_methods are incorrectly specified:

app.add_middleware(
    CORSMiddleware,
    allow_origins=['https://deadtrees.earth', 'https://www.deadtrees.earth'],
    allow_origin_regex='http://localhost:.*',
    allow_credentials=True,
    allow_methods=['OPTIONS, GET, POST, PUT'], // should be a list
    allow_headers=['Content-Type', 'Authorization', 'Origin', 'Accept'],
)

image

JesJehle commented 3 months ago

Could we simplify this for a moment with allow_origin='*' allow_methods='*' and see if this fixes the issue

codesanbox: