CORS Preflight Issue - Githubissues

moleculerjs / moleculer-web

:earth_africa: Official API Gateway service for Moleculer framework

http://moleculer.services/docs/moleculer-web.html

MIT License

292 stars 120 forks source link

CORS Preflight Issue #322

Closed AGTheodorides closed 1 year ago

AGTheodorides commented 1 year ago

Hi, just wanted to bring to your attention that the CORS OPTIONS preflight response does not include the required Access-Control-Allow-*_ headers (Access-Control-Allow-Methods, Access-Control-Allow-Origin, etc.). This results in some browsers/libraries are failing with generic network errors. A quick workaround is to leave CORS undefined in the service schema and handle the preflight requests with middleware.

icebob commented 1 year ago

Here we have tests to check the response headers in case of OPTIONS request: https://github.com/moleculerjs/moleculer-web/blob/f375dbb4f8bff8aa16e95024e5c65463b626fa45/test/integration/index.spec.js#L2454-L2527

AGTheodorides commented 1 year ago

Indeed, it was the request originator at fault in my case after all - they were not sending the 'origin' header. This works like a charm.

Thank you!