Closed dev-love closed 2 years ago
Just to confirm: I'm happy to accept these headers (and ignore them on the serverside) so that this is no longer an issue. I'll close this issue when we ship that in production.
We now accept tracestate
and traceparent
, see the bottom right of the screenshot :)
@dev-love could you e-mail the requestee informing them?
Customer request:
Hi Friendly Captcha Team,
we recently activated some functions in our Azure Cloud infrastructure that automatically adds the W3C Trace context headers (https://www.w3.org/TR/trace-context/) to all outgoing CORS Requests. To be exact, it is an ApplicationInsights feature that is called CorsCorrelation.
This currently breaks friendly-captcha integration, because our system now requests the following in the CORS headers, when asking for the puzzle using https://api.friendlycaptcha.com/api/v1/puzzle: "access-control-request-headers: request-id,traceparent,x-frc-client"
Your servers do not seem to be configured to allow the W3C trace headers like "traceparent". This is the current response from your server: "access-control-allow-headers: Origin,X-Requested-With,Accept,Content-Type,X-Frc-Client". As you can see, the "traceparent" header is missing, thus leading to a CORS error and breaking the captcha integration.
We had to disable the trace headers to get it to work again. But would you be so kind as to check if you can allow them in the future?