Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS response headers missing for media endpoint #1197

huandzh opened this issue Sep 28, 2018 · 1 comment

CORS response headers missing for media endpoint #1197

huandzh opened this issue Sep 28, 2018 · 1 comment


Copy link

@huandzh huandzh commented Sep 28, 2018

When accessing media endpoint from web app, CORS headers required by browsers are missing.

Here is a temporary workaround at huandzh#4 . It can be also used as a hint to fix it delicately.

Expected Behavior

OPTIONS and GET from remote web app to media endpoint should receive response headers containing CORS headers. Thus, preflight and actual GET can success:

Access-Control-Allow-Origin: ...
Vary: Origin
Access-Control-Allow-Headers: Access-Control-Allow-Origin, Access-Control-Allow-Methods, Access-Control-Allow-Headers, Authorization, Content-Type, X-Requested-With
Access-Control-Allow-Methods: GET, OPTIONS, HEAD

Actual Behavior

No CORS headers in response headers from remote web app to media endpoint. The code for media endpoint bypassed CORS related codes.


  • Python version: 3.6.5/3.7.0
  • Eve version: 0.8/master branch
@nicolaiarocci nicolaiarocci added this to the 0.8.2 milestone Oct 3, 2018
@nicolaiarocci nicolaiarocci added the bug label Oct 3, 2018
Copy link

@nicolaiarocci nicolaiarocci commented Oct 11, 2018

Thanks, I adopted your code. Only added a failing (not anymore) test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.