[Bug] <fix CORS plz>

[Robonau]

What feature should be added to Tachidesk?

proper CORS headers

Why/Project's Benefit/Existing Problem

currently something along the lines of : nginx

    location /api {
      if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' $http_origin always;
        add_header 'Access-Control-Allow-Credentials' 'true' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH, CONNECT' always;
        add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
        add_header 'Access-Control-Expose-Headers' 'Authorization' always;
        # Tell client that this pre-flight info is valid for 20 days
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
      }
      proxy_hide_header Access-Control-Allow-Origin;
      proxy_hide_header Access-Control-Allow-Credentials;
      proxy_hide_header Access-Control-Allow-Methods;
      proxy_hide_header Access-Control-Allow-Headers;
      proxy_hide_header Access-Control-Expose-Headers;
      add_header 'Access-Control-Allow-Origin' $http_origin always;
      add_header 'Access-Control-Allow-Credentials' 'true' always;
      add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH, CONNECT' always;
      add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
      add_header 'Access-Control-Expose-Headers' 'Authorization' always;
      proxy_pass http://tachidesk:4567;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $http_connection;
    } 

is needed in order to allow connections from external sites (i want a ui on a different subdomain to the server)

[Syer10]

How is this different then what the server already does here? IE the config.enableCorsForAllOrigins()
https://github.com/Suwayomi/Tachidesk-Server/blob/db5c5ed5344416b1701db1d046861fe3776c5317/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt#L45-L57

[Robonau]

uhh, well that obviously doesn't work
given i had to do (what i showed in the op) to get it to do anything

[Syer10]

It seems its working fine though?

[Robonau]

Access to XMLHttpRequest at 'https://tachidesk.***/api/v1/manga/52/thumbnail' from origin 'https://sora.***' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

*** = my domain

[Syer10]

I think this is a issue on your side, maybe your Ngix configuration or something. Its working fine on my docker server and a raw localhost server

[Robonau]

im not the only one that has run in to this issue
https://discord.com/channels/801021177333940224/938069900914728980/963195904813309962

[Syer10]

They were also using Nginx there. Nginx is probably trying to handle Cors itself instead of the server doing it (I think)

[Robonau]

nvm was more of a auth+cors bug than just cors