CORS is not working

[zhzy0077]

Supporting Details Provide the following:

• Browser Version: Edge Version 120.0.2210.121 (Official build) (64-bit)
• Headscale Version: 0.22.3
• Any Browser Errors (control+shift+i in chrome to see) Access to fetch at 'https://xxx/api/v1/apikey' from origin 'https://xxxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Describe the bug The problem for CORS is that -

1. the preflight goes to /api/v1/apikey without credentials (this is by design)
2. headscale replies a 401 to OPTIONS /api/v1/apikey

   
   > OPTIONS /api/v1/apikey HTTP/1.1
   > Host: xxx
   > User-Agent: curl/8.4.0
   > Accept: */*
   >

< HTTP/1.1 401 Unauthorized < Server: openresty < Date: Wed, 10 Jan 2024 03:05:54 GMT < Content-Type: text/plain; charset=utf-8 < Content-Length: 12 < Connection: keep-alive < Access-Control-Allow-Origin: * < Access-Control-Allow-Credentials: true < Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS < Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With < Unauthorized

1. Browser treats 401 as no-ok and blocked the CORS request(even though all CORS headers in place). 

Access to fetch at 'https://xxx/api/v1/apikey' from origin 'https://xxxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Sounds like CORS will never work unless headscale replies 2xx for OPTIONS requests.

[routerino]

Yes this is a known issue.

See https://github.com/gurucomputing/headscale-ui?tab=readme-ov-file#cross-domain-installation

[routerino]

closing due to no replies within 30 days and as a general cleanup