Closed timtim17 closed 10 months ago
The server only returns CORS headers in requests that include an Origin
header. See e.g.
$ curl -H 'Origin: https://example.com' -v http://localhost/api/v1/events/
* Trying 127.0.0.1:80...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /api/v1/events/ HTTP/1.1
> Host: localhost
> User-Agent: curl/8.1.2
> Accept: */*
> Origin: https://example.com
>
< HTTP/1.1 200 OK
< Date: Wed, 06 Dec 2023 20:21:31 GMT
< Content-Type: application/json
< Access-Control-Allow-Origin: *
< Vary: Origin
< Content-Language: en
< Content-Length: 151
<
* Connection #0 to host localhost left intact
{"eventCodes":["test"]}
If you are having CORS issues from a site/application, we will need more information on the specific request being sent and the error being thrown.
Describe the bug My understanding per #231 is that API endpoints should respond with CORS headers to
Access-Control-Allow-Origin: *
.At my event today, I tried making some API requests and ran into CORS issues. I don't see headers related to CORS in the response.
To Reproduce Steps to reproduce the behavior:
http://$IP/api/v1/events/
orhttp://$IP/api/v1/version/
Expected behavior A clear and concise description of what you expected to happen.
Response should include CORS headers
Screenshots
Device (please complete the following information):
Additional context Add any other context about the problem here.
FTC Live version v5.1.5