Open Martinsos opened 1 year ago
We managed to confuse another user with this! https://github.com/wasp-lang/wasp/issues/1757 . We should fix this!
Another confusion: https://discord.com/channels/686873244791210014/1229121387260805230/1229456446106632302 .
Miho puts it well here:
The reason is that: because of the way Express works, the middleware you specify in api gets only applied to the POST method (or whichever method you put in the api). For CORS to work properly, you need the middleware on the OPTIONS method as well!
Another connected convo: https://discord.com/channels/686873244791210014/1285239980498620428/1285239980498620428 .
This one is about configuring CORS to allow any domain to access the app, so setting it to *. It is ok for users to do this on their own, but I do wonder if we can make it a bit easier -> better docs, or maybe some primitives that make this simpler for them, so they need to know less about CORS? I think it is worth investigating. Maybe should be a separate GH issue, but putting it here for now.
We had a couple of people so far being confused on how to correctly set up cors to work with their
api
methods.The common pitfall seems to be that people are not aware that they also have to set CORS for OPTION, for which you usually then need
apiNamespace
.There was also following comment (whole convo):
We should do the following here:
api
feature works regarding cors, or adding explicit support for these use cases in Wasp?