Open JuxhinDB opened 6 months ago
Hey - awesome find! Would you mind creating a PR for this? :) Looks like you already have the diff :)
I am running into the same problem for ory tunnel, what is the current state of this issue?
Didn't have time to fix this unfortunately, but you should be able to apply the patch locally (assuming things didn't change much) and build the binaries. Otherwise a PR fix would be ideal for the maintainers.
I disabled CORS for my Ory project using the Ory CLI and that fixed my problem
ory patch project <your-project-id> \
--replace '/cors_public/enabled=false' \
Preflight checklist
Ory Network Project
https://goofy-dewdney-rri0sodzzj.projects.oryapis.cojm
Describe the bug
We have a use-case to use the
ory proxy
auxiliary function to proxy our dev environment locally along with the ory session handler. This enables frontend developers to work on the UI while being authenticated correctly.The issue arises when upstream services already handle CORS headers for you. The proxy will add it's own CORS headers as part of the proxy middleware, which results in duplicate headers, causing CORS to fail in the browser. The only solution right now was to fork and patch the cli with the following patch.
Reproducing the bug
ory proxy
:ory proxy --dev --project goofy-dewdney-rri0sodzzj $upstream
This will result in you getting redirected to http://localhost:3000/, which will fetch an api endpoint through the proxy. The response of the proxied request will contain duplicate CORS headers, leading to CORS failure in the browser.
Relevant log output
No response
Relevant configuration
No response
Version
Version: v0.3.4 Git Hash: 654e4987a7c0a6111988dccb158541329ec36c9f Build Time: 2024-02-10T10:29:21Z
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Binary
Additional Context
No response