TiddlyWiki / TiddlyWiki5

A self-contained JavaScript wiki for the browser, Node.js, AWS Lambda etc.
https://tiddlywiki.com/

[BUG] No way to remove the X-requested-with header from `tm-http-request` requests #8149

Closed mklauber closed 3 months ago

mklauber commented 4 months ago

Describe the bug

Due to tightly configured Access-Control-Allow-Headers headers, extraneous headers can interfere with CORS validation when hitting external APIs. In particular, I ran into an issue with the x-requested-with header not being permitted while playing with the stablehorde API described here.

Unless there's a way to disable/remove these headers, it's probably better (i.e. most flexible) to require users to set them deliberately.

Expected behavior

Only the explicitly configured headers are submitted, or there's a way to remove automatic headers.

To Reproduce

No response

Screenshots

No response

TiddlyWiki Configuration

Desktop (please complete the following information):

Additional context

https://github.com/Jermolene/TiddlyWiki5/pull/8148
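
Added example, not part of the issue thread or of TiddlyWiki's code: a simplified model of the check a browser applies to the `Access-Control-Allow-Headers` value in a CORS preflight response, showing why one automatically added header fails a request that is otherwise allowed. The header values, the `X-Api-Key` name and the allow-list are constructed sample data, and all function names are hypothetical.

```javascript
// Added example: models the header check a browser applies to a CORS preflight
// response (Fetch spec). Simplified: byte-level value rules are not modelled.
const SAFELISTED = new Set(["accept", "accept-language", "content-language"]);
const SIMPLE_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// True when a header is CORS-safelisted and so never needs the server's permission.
function isSafelisted(name, value) {
  if (value.length > 128) return false;
  if (SAFELISTED.has(name)) return true;
  if (name === "content-type") {
    return SIMPLE_TYPES.has(value.split(";")[0].trim().toLowerCase());
  }
  if (name === "range") return /^bytes=\d+-\d*$/.test(value);
  return false;
}

// Names the browser sends in Access-Control-Request-Headers (lowercased, sorted).
function corsUnsafeHeaderNames(headers) {
  return Object.entries(headers)
    .map(([name, value]) => [name.toLowerCase(), String(value)])
    .filter(([name, value]) => !isSafelisted(name, value))
    .map(([name]) => name)
    .sort();
}

// Checks request headers against an Access-Control-Allow-Headers response value.
function preflightAllows(headers, allowHeaders, withCredentials = false) {
  const allowed = new Set(
    allowHeaders.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean));
  // "*" is a wildcard only for non-credentialed requests and never covers Authorization.
  const wildcard = allowed.has("*") && !withCredentials;
  const blocked = corsUnsafeHeaderNames(headers).filter(
    (name) => !allowed.has(name) && !(wildcard && name !== "authorization"));
  return { ok: blocked.length === 0, blocked };
}

// Constructed sample data: header values and allow-list are placeholders.
const explicitHeaders = { "Content-Type": "application/json", "X-Api-Key": "PLACEHOLDER" };
const withAutomatic = { ...explicitHeaders, "X-Requested-With": "TiddlyWiki" };
const tightAllowList = "Content-Type, X-Api-Key";

console.log(preflightAllows(withAutomatic, tightAllowList));
console.log(preflightAllows(explicitHeaders, tightAllowList));
```
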

pmario commented 4 months ago

You access the "horde api" from TW. That's interesting. I do have an internet facing horde server. Do you intend to publish some more info about that project?

I would be extremely interested.

saqimtiaz commented 3 months ago

Resolved in https://github.com/Jermolene/TiddlyWiki5/pull/8152, @mklauber @Jermolene this issue should be closed.

Jermolene commented 3 months ago

Thanks @saqimtiaz