Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS headers are not added for 4xx and 5xx responses #661

Closed
huygn opened this Issue May 16, 2018 · 4 comments

Comments

Projects
None yet
2 participants
@huygn
Copy link

huygn commented May 16, 2018

Prerequisites

  • I am running the latest version. (up upgrade)
  • I searched to see if the issue already exists.
  • I inspected the verbose debug output with the -v, --verbose flag.
  • Are you an Up Pro subscriber?

Description

I'm doing jwt auth on my up app to return 401, but i've got this CORS error:

No 'Access-Control-Allow-Origin' header is present on the requested resource. 
Origin 'http://localhost:4000' is therefore not allowed access. The response had HTTP status code 401.

Checking Network tab the 401 response always return with only content-type: text/html; charset=utf-8 header and nothing else.

up.json:

"cors": {
    "allowed_origins": ["*"],
    "allowed_methods": ["HEAD", "GET", "POST", "PUT", "PATCH", "DELETE"],
    "allowed_headers": ["*"],
    "max_age": 1,
    "debug": true
  },

debug logs:

[cors] 2018/05/14 16:44:14 Handler: Preflight request
[cors] 2018/05/14 16:44:14   Preflight response headers: map[Vary:[Accept-Encoding Origin Access-Control-Request-Method Access-Control-Request-Headers] Access-Control-Allow-Origin:[*] Access-Control-Allow-Methods:[GET] Access-Control-Allow-Headers:[Authorization]]
[cors] 2018/05/14 16:44:14 Handler: Actual request
[cors] 2018/05/14 16:44:14   Actual response added headers: map[Vary:[Accept-Encoding Origin] Access-Control-Allow-Origin:[*]]

Tried running my up app locally and it returns 401 correctly (with CORS headers).

@tj tj added the bug label May 16, 2018

@tj

This comment has been minimized.

Copy link
Member

tj commented May 16, 2018

I think I know what's going on, I'll see if I can get a fix in today!

For now if you add this to your up.json it should fix the issue:

  "error_pages": {
    "enable": false
  }

I guess the other issue is most people request with Accept: */*, so that probably surprises with an HTML error page response. I might just disable those by default.

@huygn

This comment has been minimized.

Copy link
Author

huygn commented May 16, 2018

@tj thanks alot 🎉 0.6.5 fixed my issue (CORS headers are present now) but now it response with a purple html page on 401 (text/html) regarding I've set content-type: application/json on my middleware. (I also put error_pages.enable to false as suggested)

@huygn

This comment has been minimized.

Copy link
Author

huygn commented May 16, 2018

Just figured out, it should be

"error_pages": {
    "disable": true
  }

Thanks again 🎉

@tj

This comment has been minimized.

Copy link
Member

tj commented May 16, 2018

No worries!

Just in case anyone hits this, setting Accept should also do the trick when enabled:

const res = await fetch('https://myapp.com', {
  headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
  method: 'POST',
  body
})

But error pages aren't so valuable that this trouble is worth it hahah, might be best to remove them

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.