Closed jonasKjellerup closed 10 months ago
Nobogo
commented
10 months ago Error message 'Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://stregsystem.fklub.dk/api/sale. (Reason: header ‘content-type’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).'
jonasKjellerup
commented
10 months ago This will have to be patched in the middleware used for handling CORS on Stregsystemet. This means that this issue has likely been ongoing since the CLI backend was retired.
The current preflight handling does not whitelist the Content-Type causing the error. While Content-Type is a CORS-safelisted header, application/json content is not permitted by default.
We will want to add Access-Control-Allow-Headers: Content-type to the preflight response headers.
krestenlaust
commented
10 months ago Have you been able to reproduce it locally yet?
LowkeyCoding
commented
10 months ago I was able reproduce it locally and the mentioned fix solves the issue.
jonasKjellerup
commented
10 months ago Has the fix been deployed yet?
Eitherway, I'll be closing this issue as a fix has been implemented and merged.
krestenlaust
commented
10 months ago It's been deployed, thought the issue was linked!
There have been reports, from multiple users, of purchases failing, both when using the cart functionality and when using single-item purchase.
This likely stems from the
post_saleAPI call failing. I have been unable to replicate this on a demo instance, so this is most likely either configuration issue from when fappen was last built and deployed, or a breaking change in the stregsystemet API - the former being the most likely scenario.@LowkeyCoding Do you know if the application has been deployed since we migrated from the python backend to the REST API backend?