search

webcompat / webcompat-metrics-server

Server in charge of delivering different data to the webcompat-metrics-client
Mozilla Public License 2.0
6 stars 5 forks source link

Adds Access-Control-Allow-Credentials: true for coping with HTTPS #29

Closed karlcow closed 6 years ago

karlcow commented 6 years ago

@miketaylr and @magsout found out in https://github.com/webcompat/webcompat-metrics-server/issues/26#issuecomment-398522341 that we had a Access-Control-Allow-Credentials error.

After reading https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials it is mandatory for HTTPS.

Credentials are cookies, authorization headers or TLS client certificates.

and

The Access-Control-Allow-Credentials header works in conjunction with the XMLHttpRequest.withCredentials property or with the credentials option in the Request() constructor of the Fetch API. Credentials must be set on both sides (the Access-Control-Allow-Credentials header and in the XHR or Fetch request) in order for the CORS request with credentials to succeed.

Access-Control-Allow-Credentials: true

karlcow commented 6 years ago

Success!

capture d ecran 2018-06-20 a 05 30 37