Inter-Actief / amelie

The website of Inter-/Actief/. Named after the film Amélie.
https://www.inter-actief.utwente.nl/
BSD 3-Clause "New" or "Revised" License

Epartment CORS error #856

Open SimplyPancake opened 2 months ago

SimplyPancake commented 2 months ago

The company that is building our frontend is trying to use our GraphQL backend, but they are running into a CORS error:

```
Access to fetch at 'https://amelie-graphql.kube.ia.utwente.nl/graphql' from origin 'https://app.inter-actief.test:5173/' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
```

The Access-Control-Allow-Origin header should be updated to include their URL ('https://app.inter-actief.test:5173/').

Kurocon commented 2 months ago
```bash
» curl -H "Origin: https://app.inter-actief.test:5173/" -H "Accept: application/json" -H "Content-Type: application/json" -X POST https://amelie-graphql.kube.ia.utwente.nl/graphql/ -d '{"query": "{activities(limit:1){results{summary}}}"}'
{"data":{"activities":{"results":[{"summary":"OWIHFOEMTZ"}]}}}%
```

Seems to work just fine?

It kinda looks like the request is sent to "https://amelie-graphql.kube.ia.utwente.nl/graphql" and not "https://amelie-graphql.kube.ia.utwente.nl/graphql/" (note the trailing slash), which causes a redirect, which the CORS preflight request doesn't like. So it should be simple to fix by them adding a trailing slash.

Full request with headers:

```bash
» curl -v -H "Origin: https://app.inter-actief.test:5173/" -H "Accept: application/json" -H "Content-Type: application/json" -X POST https://amelie-graphql.kube.ia.utwente.nl/graphql/ -d '{"query": "{activities(limit:1){results{summary}}}"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Host amelie-graphql.kube.ia.utwente.nl:443 was resolved.
* IPv6: (none)
* IPv4: 130.89.148.135
* Trying 130.89.148.135:443...
* Connected to amelie-graphql.kube.ia.utwente.nl (130.89.148.135) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=amelie-graphql.kube.ia.utwente.nl
* start date: Apr 20 13:49:26 2024 GMT
* expire date: Jul 19 13:49:25 2024 GMT
* subjectAltName: host "amelie-graphql.kube.ia.utwente.nl" matched cert's "amelie-graphql.kube.ia.utwente.nl"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://amelie-graphql.kube.ia.utwente.nl/graphql/
* [HTTP/2] [1] [:method: POST]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: amelie-graphql.kube.ia.utwente.nl]
* [HTTP/2] [1] [:path: /graphql/]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [origin: https://app.inter-actief.test:5173/]
* [HTTP/2] [1] [accept: application/json]
* [HTTP/2] [1] [content-type: application/json]
* [HTTP/2] [1] [content-length: 52]
> POST /graphql/ HTTP/2
> Host: amelie-graphql.kube.ia.utwente.nl
> User-Agent: curl/8.7.1
> Origin: https://app.inter-actief.test:5173/
> Accept: application/json
> Content-Type: application/json
> Content-Length: 52
>
* upload completely sent off: 52 bytes
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 200
< date: Thu, 02 May 2024 15:20:56 GMT
< content-type: application/json
< content-length: 62
< vary: Cookie, Accept-Language, Origin
< x-frame-options: DENY
< x-content-type-options: nosniff
< referrer-policy: same-origin
< content-language: nl
< access-control-allow-origin: *
< set-cookie: amelie_csrftoken=e9Mvt5OnCsL5QrZ2QMK18rqXnDYy9XNKkCRL5plUm2xdnDrvkxdzigX5EzEdzEot; expires=Thu, 01 May 2025 15:20:56 GMT; Max-Age=31449600; Path=/; SameSite=Lax; Secure
< strict-transport-security: max-age=31536000; includeSubDomains
<
* Connection #0 to host amelie-graphql.kube.ia.utwente.nl left intact
{"data":{"activities":{"results":[{"summary":"OWIHFOEMTZ"}]}}}%
```
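The trailing-slash redirect discussed in this thread can be reproduced offline with the sketch below, which is an added example and not part of the original issue or the amelie code base. It sends the `OPTIONS` preflight a browser would send (the `curl` POST above skips that step) and refuses to follow redirects; the local stand-in server, the 301 status and the helper names are assumptions made for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

class SlashRedirectHandler(BaseHTTPRequestHandler):
    """Constructed stand-in backend: /graphql redirects to /graphql/."""
    def do_OPTIONS(self):
        if not self.path.endswith("/"):
            self.send_response(301)  # assumed status; the thread only says "redirect"
            self.send_header("Location", self.path + "/")
        else:
            self.send_response(200)
            self.send_header("Access-Control-Allow-Origin", "*")
            self.send_header("Access-Control-Allow-Headers", "content-type")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def check_preflight(url, origin):
    """Send a browser-style preflight and judge it without following redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
    hdrs = {"Origin": origin, "Access-Control-Request-Method": "POST",
            "Access-Control-Request-Headers": "content-type"}
    conn.request("OPTIONS", parts.path, headers=hdrs)
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    allow = resp.getheader("Access-Control-Allow-Origin")
    conn.close()
    if 300 <= status < 400:  # a redirect on a preflight is a CORS failure
        return f"FAIL: preflight redirected ({status} -> {location})"
    if not 200 <= status < 300:
        return f"FAIL: preflight status {status}"
    if allow not in ("*", origin):
        return "FAIL: origin not allowed"
    return "PASS"

def demo():
    server = HTTPServer(("127.0.0.1", 0), SlashRedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    origin = "https://app.inter-actief.test:5173"  # sample origin (from the issue)
    results = [check_preflight(base + p, origin) for p in ("/graphql", "/graphql/")]
    server.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```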