This works perfectly fine in Element API 2.7.0, but not 2.8.2 (latest at the time of writing).
Requesting the endpoint directly from within the browser works fine and the Access-Control headers both look correct. It's only when requesting the endpoint from a JS app the the problem occurs. The JS app sends HTTP_ORIGIN which the browser does not AFAIK.
Steps to reproduce
Request an endpoint through a JS app and this error pops up in the console:
Access to XMLHttpRequest at '[ENDPOINT]' from origin '[JS APP URL]' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Description
We're using an endpoint to grab the TOS from a Craft post and displaying it inside a JS app. The endpoint we do this through looks like this:
This works perfectly fine in Element API 2.7.0, but not 2.8.2 (latest at the time of writing).
Requesting the endpoint directly from within the browser works fine and the Access-Control headers both look correct. It's only when requesting the endpoint from a JS app the the problem occurs. The JS app sends HTTP_ORIGIN which the browser does not AFAIK.
Steps to reproduce
Access to XMLHttpRequest at '[ENDPOINT]' from origin '[JS APP URL]' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Additional info