Closed g-belmonte closed 4 years ago
I was solving this issue with @raphaelpereira, and I saw we both opened a PR for that. (the other PR is https://github.com/resgateio/resgate/pull/172)
Please, feel free to close one of them :smile:
Hi @g-belmonte and @raphaelpereira
Sorry for the slow response. Week has been mightily busy.
Great that you guys made it work! (and made me aware of the issue 😃 )
Since request headers will have no side-effects with Resgate, and attempts to forge headers such as X-Forwarded-Host can easily be countered at the reverse proxy if some RES-service for some weird reason should depend on it. So.. yeah, I think it is safe to allow any headers.
But, with those changes, I actually made my own branch where the Access-Control-Request-Headers value is mirrored to the Access-Control-Allowed-Headers (I am not sure how well the browsers support the *-wildcard, so mirroring is more safe).
https://github.com/resgateio/resgate/tree/feature/gh-171-cors-access-control-allow-headers
If you have the time, please try it out to see if it solves your issue.
No worries, @jirenius! Actually, thanks for spending time taking a look at this issue. Time is a scarce resource :smiley:
Well, my fix worked until I had to do a request with authorization. Then I had to add Access-Control-Allow-Headers: authorization to the headers and I started to think "what other headers am I missing?"... so, I do think that mirroring the Access-Control-Request-Headers would be an easy way forward!
I'll go test your branch, and I'll be back soon with the results :smile:
And yes, your branch is working perfectly :smile: :+1:
Great! Thanks for the help.
I'll have the branch merged to develop, and then release a patch version of Resgate instead of waiting for next minor release.
Resolved in #174
Greetings!
I've been dealing with an application that has different servers for the frontend and its API. Resgate is the entrypoint for the API, and I was trying to do some REST requests from the frontend, but having trouble when setting the header "Content-Type: application/json", because resgate's answer didn't have the header "Access-Control-Allow-Headers: content-type". I added it to the code, and things started to work perfectly for me.
If you think this change might bring value to the project, here's the PR: https://github.com/resgateio/resgate/pull/173
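
The mirroring approach discussed in this thread, sketched as a stand-alone Go `net/http` middleware. This is an added example, not Resgate's code or the code on the linked branch; the `corsMirror` and `preflight` names, the origin allowlist, the allowed methods and the request path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

const allowedOrigin = "https://app.example.test" // constructed value (assumption)

// corsMirror answers CORS preflights by echoing the requested header names
// back in Access-Control-Allow-Headers; other requests go to next.
func corsMirror(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Add("Vary", "Origin") // the response differs per Origin
		if r.Header.Get("Origin") != allowedOrigin {
			next.ServeHTTP(w, r) // no CORS headers for unknown origins
			return
		}
		h.Set("Access-Control-Allow-Origin", allowedOrigin)
		// A preflight is an OPTIONS request with Access-Control-Request-Method.
		if r.Method != http.MethodOptions || r.Header.Get("Access-Control-Request-Method") == "" {
			next.ServeHTTP(w, r)
			return
		}
		h.Add("Vary", "Access-Control-Request-Headers")
		h.Set("Access-Control-Allow-Methods", "GET, POST") // assumption
		if req := r.Header.Get("Access-Control-Request-Headers"); req != "" {
			h.Set("Access-Control-Allow-Headers", req) // mirror instead of "*"
		}
		w.WriteHeader(http.StatusNoContent)
	})
}

// preflight sends a constructed preflight request through corsMirror and
// returns the Access-Control-Allow-Headers value of the response.
func preflight(origin, requestHeaders string) string {
	r := httptest.NewRequest(http.MethodOptions, "/api/example", nil)
	r.Header.Set("Origin", origin)
	r.Header.Set("Access-Control-Request-Method", "POST")
	r.Header.Set("Access-Control-Request-Headers", requestHeaders)
	w := httptest.NewRecorder()
	corsMirror(http.NotFoundHandler()).ServeHTTP(w, r)
	return w.Header().Get("Access-Control-Allow-Headers")
}

func main() {
	fmt.Println(preflight(allowedOrigin, "authorization, content-type"))
}
```

Because the requested names are echoed, `authorization` is covered as well; the `*` wildcard in `Access-Control-Allow-Headers` does not cover it.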