mrniko / netty-socketio

Socket.IO server implemented on Java. Realtime java framework
Apache License 2.0

CORS error by using AuthorizationListener #737

Open marhali opened 4 years ago

marhali commented 4 years ago

I am using the newest version of netty-socketio (20.02.20).

The problem occurs inside EncoderHandler.java in line 209. In this case the required Access-Control-Allow-Origin header would never be set, because the encoder directly writes the data to netty.

This might not be a problem if the current type is not HTTP-relevant. So I checked which type produces this error and it is the DefaultHttpResponse from the io.netty package.

I already tested using Configuration.origin but this has no effect because the relevant DefaultHttpResponse type which is fired at session start is not caught inside the EncoderHandler.

marhali commented 4 years ago

After further investigation I found out that AuthorizeHandler.java /161 sends 401 unauthorized after returning false inside AuthorizationListener. So instead of firing 401 exceptions inside my browser, CORS errors occur because no Access-Control headers are set at this state.

Another problem is that I am setting a custom Authorization header on my client for authentication. I can't access that header inside SocketIOClient.HandshakeData.headers. Any ideas why? Maybe a problem with the HTTP preflight request?

Capttan commented 3 years ago

Hi, I am trying to set a custom authorization header as well, using a JavaScript frontend served by Node.js. I am encountering the CORS errors and I am unable to set the "Access-Control-Allow-Headers" on my Java backend running netty-socketio. Do you have a solution/fix for this?
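
The symptoms reported in this thread (a 401 that shows up in the browser as a CORS error, and trouble with a custom Authorization header) are consistent with how browsers apply CORS checks. The added example below is not code from netty-socketio or from the commenters; it is a simplified model of those checks, and the function names, origin and header values are constructed for illustration.

```javascript
// Simplified model of the browser's CORS checks (Fetch standard); not netty-socketio code.
// Response header names are lowercase. All sample values used with it are constructed.
const SAFELISTED = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);

// A preflight (OPTIONS) is sent for a non-simple method or any non-safelisted header.
function needsPreflight(req) {
  return !SIMPLE_METHODS.has(req.method) ||
    Object.keys(req.headers).some((h) => !SAFELISTED.has(h.toLowerCase()));
}

// Origin check applied to both the preflight response and the actual response.
function originAllowed(req, res) {
  const allow = res.headers["access-control-allow-origin"];
  if (req.credentials) {
    return allow === req.origin && res.headers["access-control-allow-credentials"] === "true";
  }
  return allow === "*" || allow === req.origin;
}

// The preflight must pass the origin check, be 2xx, and allow every custom header.
function preflightPasses(req, res) {
  if (!originAllowed(req, res)) return false;
  if (res.status < 200 || res.status > 299) return false;
  const allowed = (res.headers["access-control-allow-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase());
  return Object.keys(req.headers)
    .map((h) => h.toLowerCase())
    .filter((h) => !SAFELISTED.has(h))
    // "*" never covers Authorization; it has to be listed by name.
    .every((h) => allowed.includes(h) ||
      (h !== "authorization" && !req.credentials && allowed.includes("*")));
}

// What page script observes for a cross-origin request.
function browserOutcome(req, preflightRes, actualRes) {
  if (needsPreflight(req) && !preflightPasses(req, preflightRes)) return "CORS error (preflight)";
  if (!originAllowed(req, actualRes)) return "CORS error (response blocked)";
  return "HTTP " + actualRes.status;
}
```

In this model a 401 is only visible to page script as a 401 when the response also carries a matching Access-Control-Allow-Origin, and a request with an Authorization header only goes out after a preflight response that names that header in Access-Control-Allow-Headers.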