Forbidden 403 when make cross origin requests

[mazzy89]

I have set cors to true and these are the options I'm using for the plugins:

{
  plugin: require('crumb'),
  options: {
    cookieOptions: {
      isSecure: false
    },
    allowOrigins: ['*.sendgrid.com']
  }
}

I'm using sendgrid nodejs official plugin and I make an ajax request

$.post('/server-url', data);

but I get an error. Why? is it a bug or I should set something?

[stongo]

do you have any server and client code you could post so I can help?

[stongo]

closing this until further information provided

[nlindley]

We are noticing this, too. We also have the restful option set to true. The forbidden() is coming from https://github.com/hapijs/crumb/blob/master/lib/index.js#L122-L124. It works when I change it to the following, but I don’t know if this is the appropriate fix.

if (header !== request.state[request.route.plugins._crumb.key]) {
  return reply(Boom.forbidden());
}

[lock]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.