search

makeplane / plane

🔥 🔥 🔥 Open Source JIRA, Linear, Monday, and Asana Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
http://plane.so
GNU Affero General Public License v3.0
29.49k stars 1.62k forks source link

[bug]: Api calls return 401 when called from different domains, despite domain added to .env #4969

Closed Plorenzo closed 3 months ago

Plorenzo commented 3 months ago

Is there an existing issue for this?

Current behavior

I want to create issues via api in plane from my website. Despite adding my domain to CORS_ALLOWED_ORIGINS= in .env file and restarting the services. The api returns 401.

Steps to reproduce

Use snippet from docs 

const options = {
  method: 'POST',
  headers: {
    'x-api-key': 'plane_api_my_api',
    'Content-Type': 'application/json'
  },
  body: '{"issue":{"name":"test"}}'
};

fetch('https://api.plane.so/api/v1/workspaces/{slug}/projects/{project_id}/inbox-issues/', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

get 401 despite having a correct api key.

It also happens when trying with curl. If I add CORS_ALLOWED_ORIGINS='*' the service restart fails with some django error.

Environment

Production

Browser

Safari

Variant

Local

Version

v0.21.0

pablohashescobar commented 3 months ago

Hi @Plorenzo, thanks for reporting this issue. This has already been reported in #4928. The fix has been also created in #4929.

Closing this issue as duplicate.