sabre-io / Baikal

Baïkal is a Calendar+Contacts server
https://sabre.io/baikal/
GNU General Public License v3.0
2.47k stars 284 forks

CORS Preflight Failing #1012

Open konfiot opened 3 years ago

konfiot commented 3 years ago

Baikal version: 0.7.2

Hi guys, I'm trying to set up Baikal with infcloud, and I'm running into an issue because of CORS (infcloud and baikal are not on the same domain).

I could track the issue down to the fact that baikal expects OPTIONS requests to be authenticated, and that browsers send a preflight CORS request to check CORS headers as an unauthenticated OPTIONS request, so that request ends with a 401, and the CORS check fails.

The problem is that if I add an automatic answer to the OPTIONS requests it fails, cf. #838.

So idk what's the good solution: should Baikal allow unauthenticated OPTIONS requests, or is it a bad idea security-wise? (It doesn't seem that answers to OPTIONS contain actual content, so I would say that there's no problem, but I'm not an expert.)

Thanks a lot

ckulka commented 3 years ago

Hi @konfiot, I know this is an old issue and you probably moved on, but just came across it... so maybe it's at least helpful for someone else having the same issue.

The issue is that only the browser's OPTIONS requests are CORS pre-flight requests that need the CORS response headers and should not be processed by Baikal's PHP code. The OPTIONS requests sent by Thunderbird etc. are not CORS pre-flight requests and should be processed by Baikal's PHP code.

I didn't run InfCloud myself, but dabbled a bit some time ago and came up with an attempt to tackle this with this Nginx configuration: https://github.com/ckulka/infcloud-docker/blob/05b7f3af6fc8959a804ef88500e93f1785ce005f/examples/baikal-nginx.conf.

May or may not be working yet, but if you or someone else can give it a try, I'd be curious if it'd work.
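The split described in this thread, as an added Nginx sketch that is not the configuration linked above and not Baikal's own: only an OPTIONS request carrying an allowlisted `Origin` and an `Access-Control-Request-Method` header is answered without authentication, and every other OPTIONS request still reaches Baikal. The origin `https://infcloud.example.org` and the method and header lists are assumptions to adapt.

```nginx
# Added example; the origin and the method/header lists are placeholders.

# Echo Origin back only when it is on the allowlist; empty otherwise.
map $http_origin $cors_origin {
    default                         "";
    "https://infcloud.example.org"  $http_origin;
}

# A CORS preflight is OPTIONS + Origin + Access-Control-Request-Method.
# DAV clients such as Thunderbird send OPTIONS without those headers, and a
# preflight from an origin that is not allowlisted leaves $cors_origin empty,
# so both cases map to 0 and fall through to Baikal.
map "$request_method,$cors_origin,$http_access_control_request_method" $cors_preflight {
    default                0;
    "~^OPTIONS,[^,]+,.+$"  1;
}

server {
    # ... existing Baikal server block (listen, TLS, root, ...) ...

    location / {
        # Allowlisted preflight: answered here, no body, no authentication.
        if ($cors_preflight) {
            add_header Access-Control-Allow-Origin  $cors_origin always;
            add_header Access-Control-Allow-Methods "GET, PUT, DELETE, OPTIONS, PROPFIND, PROPPATCH, REPORT, MKCALENDAR" always;
            add_header Access-Control-Allow-Headers "Authorization, Content-Type, Depth, If-Match, If-None-Match, Prefer" always;
            add_header Access-Control-Max-Age       600 always;
            add_header Vary                         Origin always;
            return 204;
        }

        # Everything else, plain OPTIONS included, goes to Baikal with its
        # normal authentication. add_header emits nothing when the value is
        # empty, so unknown origins never receive an Allow-Origin header.
        add_header Access-Control-Allow-Origin $cors_origin always;
        add_header Vary                        Origin always;

        # ... existing Baikal PHP / FastCGI handling stays here, unchanged ...
    }
}
```

The two `map` blocks belong in the `http` context. The headers are repeated inside the `if` block because `add_header` directives are inherited only when the inner level defines none.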