Skip to content
This repository has been archived by the owner on Jan 11, 2023. It is now read-only.

Authorization breaks CORS support #479

Open
diachedelic opened this issue May 7, 2020 · 2 comments
Open

Authorization breaks CORS support #479

diachedelic opened this issue May 7, 2020 · 2 comments
Labels
bug

Comments

@diachedelic
Copy link

It seems GCDWebServer, when configured to use Basic auth, requires the Authorization header on preflight (OPTIONS) requests. However, the spec states that browsers are not to send the Authorization header for preflight, so unfortunately I cannot use both CORS and authorization, as the preflight requests are rejected with 401 Unauthorized.

Refer to the CORS spec where it says preflight requests should "Exclude user credentials".
@diachedelic diachedelic mentioned this issue May 8, 2020
Open
@swisspol swisspol added the bug label May 23, 2020
@swisspol
Copy link
Owner

Good catch, thanks for reporting.

@fabiosoft
Copy link

Still not solved? I have the same issue... the preflight maybe should return 204 status code to be able to support web browsers

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@diachedelic @swisspol @fabiosoft