docs(files): document CORS_EXPOSED_HEADERS for TUS Directus-File-Id response header #639
Open
singhvishalkr wants to merge 1 commit into directus:main from
…Id on TUS uploads

Fixes directus#599.

When a chunked upload finishes, Directus returns the file id in the Directus-File-Id response header rather than in the body. Browsers drop non-safelisted response headers across origins unless the server opts them in via Access-Control-Expose-Headers, so when the app lives on a different origin than the API the header is invisible to client JS.

Add an info callout under Chunked Uploads explaining the requirement and showing how to add Directus-File-Id to CORS_EXPOSED_HEADERS (including the comma-separated form that keeps the Content-Range default intact).

Maintainer (ComfortablyCoding) explicitly asked for this to be documented rather than exposed by default in the API.
@singhvishalkr is attempting to deploy a commit to the Directus Team on Vercel. A member of the Team first needs to authorize it.
Fixes #599.

When a chunked (TUS) upload finishes, Directus returns the resulting file id in the `Directus-File-Id` response header rather than in the body. Browsers hide non-safelisted response headers across origins unless the server opts them in via `Access-Control-Expose-Headers`, so if the Data Studio or your app is on a different origin than the API, `response.headers.get('Directus-File-Id')` just returns null. The reporter on #599 said it took hours to realise that's what was going on, and @ComfortablyCoding asked for this to be documented rather than exposed by default.

The change is a single info callout at the end of the Chunked Uploads section in `content/configuration/files.md`. It names the header, explains why the browser hides it, shows the minimal `CORS_EXPOSED_HEADERS="Directus-File-Id"` value, and shows the comma-joined form `Content-Range,Directus-File-Id` so people already using the `Content-Range` default don't accidentally drop it.

I double-checked the link target `/configuration/security-limits#cors` still exists and that the existing default there is `Content-Range`, so the combined example is accurate.
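
The browser behaviour this PR documents, as an added example that is not part of the pull request or of Directus's code: a check that reports which response headers a cross-origin page cannot read for a given expose list. The helper names are hypothetical, the sample values are constructed from the description above, and it assumes the `CORS_EXPOSED_HEADERS` value reaches the browser unchanged as `Access-Control-Expose-Headers`.

```javascript
// Added example; parseExposeList, isReadableCrossOrigin and hiddenHeaders are hypothetical helpers.

// CORS-safelisted response header names (Fetch standard): always readable cross-origin.
const SAFELISTED = new Set([
  'cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma',
]);

// Split a comma-separated expose list into trimmed, lowercase header names.
function parseExposeList(value) {
  return (value || '')
    .split(',')
    .map((name) => name.trim().toLowerCase())
    .filter((name) => name.length > 0);
}

// Would script on another origin see `header`, given the Access-Control-Expose-Headers value?
// "*" acts as a wildcard only for requests made without credentials.
function isReadableCrossOrigin(header, exposeValue, credentialed = false) {
  const name = header.toLowerCase();
  if (SAFELISTED.has(name)) return true;
  const exposed = parseExposeList(exposeValue);
  if (exposed.includes(name)) return true;
  return !credentialed && exposed.includes('*');
}

// List the headers from `needed` that the browser would hide from client JS.
// The default list is the two headers this page mentions.
function hiddenHeaders(exposeValue, needed = ['Content-Range', 'Directus-File-Id'], credentialed = false) {
  return needed.filter((h) => !isReadableCrossOrigin(h, exposeValue, credentialed));
}

// Constructed sample values: the default, the minimal value, and the combined form.
for (const value of ['Content-Range', 'Directus-File-Id', 'Content-Range,Directus-File-Id']) {
  console.log(JSON.stringify(value), '-> hidden:', hiddenHeaders(value));
}
```

The second sample shows the case the combined form guards against: setting only `Directus-File-Id` hides `Content-Range` from cross-origin script.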