Closed shrickus closed 6 days ago
Check 3.1.x and the 4.0.0 beta as I'm 85% sure this got fixed recently
The httpNodeCors
setting is only applied to the HTTP node routes.
In 3.1, we did add some more flexibility to the httpStatic
configuration, but it didn't include cors.
I don't think it would be right to blindly apply httpNodeCors to httpStatic, but we can add a separate setting for it.
httpStaticCors
will get applied to any/all httpStatic
configurations.httpStatic
is an object, it can have a cors
property to apply@shrickus added to Node-RED 4 - https://github.com/node-red/node-red/pull/4761
Current Behavior
I have enabled the
httpNodeCors
option example in the settings.js file, in hopes that I could disable the CORS errors that occur when tryinbg to pull a static file from Node-RED through a 3rd-party website (e.g. observablehq.com).Forum discussion can be found here
Expected Behavior
There should be a way to disable CORS on the httpStatic routes -- either by applying the
httpNodeCors
option, or else by supporting a newhttpStaticCors
options setting (if different control is needed for static files).Steps To Reproduce
I am using these settings:
I am using my local browser to show the static file at url
https://my.site/public/data.json
-- WORKS.When I access a website that is configured to fetch the same static file url, I get this error:
Access to fetch at 'https://my.site/public/data.json' from origin 'https://shrickus.static.observableusercontent.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Example flow
N/A
Environment