-
-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Preflight request gets denied when settings should allow it #48
Comments
This is happens to me as well. If I set |
I was experiencing the same issue... I really hate CORS! After a bit of an investigation, I found the following on MDN (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers):
As a temporary workaround, I have added the following global hook to my app which seems have resolved the issue: const app = new Elysia()
.onAfterHandle(({ request, set }) => {
// Only process CORS requests
if (request.method !== "OPTIONS") return;
const allowHeader = set.headers["Access-Control-Allow-Headers"];
if (allowHeader === "*") {
set.headers["Access-Control-Allow-Headers"] =
request.headers.get("Access-Control-Request-Headers") ?? "";
}
})
.use(cors())
... |
Nice it works. However it does not work with live servers extension ... |
This worked for me. I love this framework but the documentation does not give you enough details to solve these issues. And correct me if I am wrong, but this should not be an issue, this feels like a work around. |
I just needed a fix for one route so I did this: export default new Elysia()
.options("/report", async ({ set, request }) => {
set.headers["Access-Control-Allow-Headers"] =
request.headers.get("Access-Control-Request-Headers") ?? ""
})
.post(...) I would probably be better to just make a PR that copies logic from https://github.com/expressjs/cors/blob/master/lib/index.js |
Fixed with 010f999, published on 1.0.4 |
still get |
I am also facing the same issue |
I'm completely blocked by this - is anybody working on a solution? |
Fixapp.use(
cors({
origin: true,
methods: "*",
- allowedHeaders: "*",
+ allowedHeaders: ["content-type"],
exposeHeaders: "*",
credentials: true,
maxAge: 50000,
preflight: true,
})
); OR app.use(
cors({
origin: true,
methods: "*",
- allowedHeaders: "*",
exposeHeaders: "*",
credentials: true,
maxAge: 50000,
preflight: true,
})
); ExplanationGetting this CORS error: Setting |
The example code underneath should fetch cookies from my backend thats on a different origin than my front end. However i get a error "Access to fetch at 'http://localhost:1234/cookies' from origin 'http://127.0.0.1:5500' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response." However if i understand the doc correct elysia-cors should allow it by default.
This is a example i made to narrow down the problem
Frontend
Open with live server - VS code
Backend
In addition to whats is shown here i have tried
app.options("*", cors());
Dependancies
─ @elysiajs/[email protected]
├── [email protected]
└── [email protected]
The text was updated successfully, but these errors were encountered: