It also create a CORS error when a POST request is sent to the event api from a flutter web app. The navigator will first send a preflight request and plausible will not respond with X-Forwarded-For in Access-Control-Allow-Headers resulting in a CORS error. Plausible not adding X-Forwarded-For to Access-Control-Allow-Headers makes sense as the X-Forwarded-For is set by the reverse proxy and should not be set on client side.
The
X-Forwarded-Foris set to127.0.0.1by the plugin.This is no need to add the
X-Forwarded-Forheader as it is optional according to the event api documentation (https://plausible.io/docs/events-api#request-headers).It also create a CORS error when a POST request is sent to the event api from a flutter web app. The navigator will first send a preflight request and plausible will not respond with
X-Forwarded-ForinAccess-Control-Allow-Headersresulting in a CORS error. Plausible not addingX-Forwarded-FortoAccess-Control-Allow-Headersmakes sense as theX-Forwarded-Foris set by the reverse proxy and should not be set on client side.