Closed jonasKjellerup closed 10 months ago
Error message 'Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://stregsystem.fklub.dk/api/sale. (Reason: header ‘content-type’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).'
This will have to be patched in the middleware used for handling CORS on Stregsystemet. This means that this issue has likely been ongoing since the CLI backend was retired.
The current preflight handling does not whitelist the Content-Type causing the error. While Content-Type is a CORS-safelisted header, application/json content is not permitted by default.
We will want to add Access-Control-Allow-Headers: Content-type to the preflight response headers.
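As an added illustration (not code from this thread or from Stregsystemet), the following models the header check a browser applies to a preflight response, simplified from the Fetch standard. The function names and sample header objects are constructed for this example, and requests are assumed to carry no credentials.

```javascript
// Added example: simplified model of the CORS preflight header check.
// It ignores the Fetch standard's value-length and byte restrictions.

// Content-Type values that keep the header CORS-safelisted.
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);

// Lowercased request header names the server must allow explicitly.
function unsafeHeaderNames(requestHeaders) {
  const names = [];
  for (const [name, value] of Object.entries(requestHeaders)) {
    const lower = name.toLowerCase();
    if (SAFE_HEADERS.has(lower)) continue;
    if (lower === "content-type") {
      // Parameters such as "; charset=utf-8" do not affect the decision.
      const essence = String(value).split(";")[0].trim().toLowerCase();
      if (SAFE_CONTENT_TYPES.has(essence)) continue;
    }
    names.push(lower);
  }
  return names.sort();
}

// Header names the browser would reject given the preflight response.
// An empty array means the actual request is allowed to proceed.
function blockedByPreflight(requestHeaders, preflightResponseHeaders) {
  const entry = Object.entries(preflightResponseHeaders).find(
    ([k]) => k.toLowerCase() === "access-control-allow-headers"
  );
  const allowed = new Set(
    (entry ? entry[1] : "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
  // "*" covers every header except Authorization (non-credentialed requests).
  const wildcard = allowed.has("*");
  return unsafeHeaderNames(requestHeaders).filter(
    (h) => !allowed.has(h) && !(wildcard && h !== "authorization")
  );
}

// Constructed samples: the JSON POST from the error message, before and after the fix.
const jsonPost = { "Content-Type": "application/json" };
console.log(blockedByPreflight(jsonPost, {}));
console.log(blockedByPreflight(jsonPost, { "Access-Control-Allow-Headers": "Content-type" }));
```

Header names are compared case-insensitively, so `Content-type` in the response matches the `content-type` named in the error message.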
Have you been able to reproduce it locally yet?
I was able to reproduce it locally and the mentioned fix solves the issue.
Has the fix been deployed yet?
Either way, I'll be closing this issue as a fix has been implemented and merged.
It's been deployed, thought the issue was linked!
There have been reports, from multiple users, of purchases failing, both when using the cart functionality and when using single-item purchase.
This likely stems from the post_sale API call failing. I have been unable to replicate this on a demo instance, so this is most likely either a configuration issue from when fappen was last built and deployed, or a breaking change in the stregsystemet API - the former being the most likely scenario.
@LowkeyCoding Do you know if the application has been deployed since we migrated from the python backend to the REST API backend?