You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Run nuxt (pnpm dev:nuxt) or nitro (pnpm dev:nitro) and send a cors options request to the http://localhost:3000/test endpoint.
In the nuxt response, the Access-Control-Allow-Credentials header is missing, and the Access-Control-Allow-Origin header is incorrectly set to *, disregarding the actual origin.
The Nitro response behaves as expected, including the Access-Control-Allow-Credentials header and correctly setting the Access-Control-Allow-Origin header to the actual origin.
It looks like in nuxt context the event handler is not called for the cors options request.
HTTP/1.1 200 OK
access-control-allow-credentials: true
access-control-allow-origin: protocol://test
connection: close
content-length: 4
content-type: text/html
date: Wed, 25 Oct 2023 17:59:01 GMT
vary: origin
TEST
Describe the bug
I'm facing an issue when testing CORS preflight (OPTIONS) requests in a local development environment using Nuxt and Nitro. When sending a CORS OPTIONS request to the http://localhost:3000/test endpoint, the responses differ between the two.
It seems that within the Nuxt context, the event handler isn't being triggered for CORS OPTIONS requests.
Environment
Reproduction
https://github.com/samydoesit/repro-nuxt-cors-options
Run nuxt (
pnpm dev:nuxt
) or nitro (pnpm dev:nitro
) and send a cors options request to thehttp://localhost:3000/test
endpoint.In the nuxt response, the
Access-Control-Allow-Credentials
header is missing, and theAccess-Control-Allow-Origin
header is incorrectly set to*
, disregarding the actual origin.The Nitro response behaves as expected, including the
Access-Control-Allow-Credentials
header and correctly setting theAccess-Control-Allow-Origin
header to the actual origin.It looks like in nuxt context the event handler is not called for the cors options request.
httppie request:
http --follow --all OPTIONS :3000/test \ Origin:'protocol://test'
curl request:
Wrong Nuxt Response
HTTP/1.1 204 No Content Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE Access-Control-Allow-Origin: * Connection: keep-alive Content-Length: 0 Date: Wed, 25 Oct 2023 17:58:02 GMT Keep-Alive: timeout=5 Vary: Access-Control-Request-Headers
Correct Nitro Response
HTTP/1.1 200 OK access-control-allow-credentials: true access-control-allow-origin: protocol://test connection: close content-length: 4 content-type: text/html date: Wed, 25 Oct 2023 17:59:01 GMT vary: origin TEST
Describe the bug
I'm facing an issue when testing CORS preflight (OPTIONS) requests in a local development environment using Nuxt and Nitro. When sending a CORS OPTIONS request to the http://localhost:3000/test endpoint, the responses differ between the two.
It seems that within the Nuxt context, the event handler isn't being triggered for CORS OPTIONS requests.
Additional context
Event Handler
unjs/nitro#1095 (comment)
Logs
No response
The text was updated successfully, but these errors were encountered: