Closed AGTheodorides closed 1 year ago
Here we have tests to check the response headers in case of OPTIONS request: https://github.com/moleculerjs/moleculer-web/blob/f375dbb4f8bff8aa16e95024e5c65463b626fa45/test/integration/index.spec.js#L2454-L2527
Indeed, it was the request originator at fault in my case after all - they were not sending the 'origin' header. This works like a charm.
Thank you!
Hi, just wanted to bring to your attention that the CORS OPTIONS preflight response does not include the required Access-Control-Allow-*_ headers (Access-Control-Allow-Methods, Access-Control-Allow-Origin, etc.). This results in some browsers/libraries are failing with generic network errors. A quick workaround is to leave CORS undefined in the service schema and handle the preflight requests with middleware.