-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow Access-Control-Allow-Credentials to be set for --cors mode #120
Comments
Question - can |
It's probably generally a safe thing to just include it. Given that the CORS headers aren't serialised into the contract (because the mock service is artificially adding them) it's not going to give (any more) false positives. The extra header present shouldn't break existing tests because the presence of that header doesn't impact client behaviour unless the An alternative that may make everyone happy:
I'd say go with (1) until we have a need for (2). |
@vandemark it should already add the credentials header, but it will only do it if there was an Authorization or Cookie header set https://github.com/pact-foundation/pact-mock_service/blob/master/lib/pact/mock_service/request_handlers/options.rb#L41-L43 |
Sorry, only if it was requested in the Access-Control-Request-Headers. |
@mefellows I actually might have just identified a need for your option 2, that being another request we have that uses a "custom" header and the pact server is throwing this back at us: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSInvalidAllowHeader edit: just noticed that if cors=true then the Access-Control-Allow-Headers is set up correctly, so ignore this |
@vandemark can you provide an executable example of your issue in a github repository please? I won't be able to fix anything until I can recreate the issue. You can fork the pact-js repository and modify one of the examples in the https://github.com/pact-foundation/pact-js/tree/master/examples directory. |
@bethesque sure thing, I need to make sure I'm going through my company's proper channels but I will start putting something together as soon as possible |
@bethesque I updated one of the examples in the jest folder to replicate the issue here: https://github.com/vandemark/pact-js/tree/cors-example I made two examples, both use withCredentials but only one has an options preflight request caused by a custom header. |
Thanks! I should be able to look at it by Thursday at the latest, as I have an OSS day then. |
Hi @bethesque , I can try to make this update if that's not an issue. Should just be a small change here: https://github.com/pact-foundation/pact-mock_service/blob/master/lib/pact/consumer/mock_service/cors_origin_header_middleware.rb |
Please do submit a PR. I'm sorry I wasn't able to get to it on my last OSS day. |
Hi @bethesque, I got the changes in my projects repo and everything is working as expected now! Thanks for the help. |
You're welcome. Thanks for your help. |
See pact-foundation/pact-js#409
The text was updated successfully, but these errors were encountered: