Fix a bug that CORS headers are missing in some HTTP responses #41792
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Fix a bug that CORS headers are missing in some HTTP responses
Description
In current implementation, for HTTP POST requests, CORS headers are added after user authentication. If the authentication fails, the returned HTTP response has no CORS headers. This leads some front-end libs, such as axios, fail to process the response - they can't even get the http status nor the error message because the missed headers block them to do so.
To make the front-end projects correctly handle such 403 exceptions or in case of any exception raised before CORS headers are added, we need to make some adjustment to current CORS handling, that is adding these headers before a query is processed.
BTW, there is a very old setting
add_http_cors_header
, this setting does not work if the authentication fails. The contradiction is we can only get the user setting after the authentication but the CORS processing requires us to add headers before any processing.Link to #29155 for better understanding.