New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request header field fiware-service is not allowed by Access-Control-Allow-Headers in preflight response. #3453
Comments
(I have formatted your code a bit) How do you run Orion? Typically the output of the By the way, your Orion version is pretty old (1.13.0, released almost a year ago). It would be wise to upgrade to a newer one (latest at this moment is 2.2.0). |
I'm not an expert in CORS but reading at https://fiware-orion.readthedocs.io/en/master/user/cors/index.html#access-control-allow-headers it seems that fiware-service is included in the list:
Maybe it could be related with case (fiware-service vs. Fiware-Service)? It shouldn't becuase HTTP headers are case insensitive by definition, but... Another question: is this happening only with CC: @McMutton (as implementer of the CORS part maybe he can bring some ligth into this issue) |
I try a post with v2/entities and got the exact same response. Anyway until we have more info on this I will try to make some connector/proxy to send data to Orion. |
+1 I get the same issue with a GET request to /v2/entities: |
I can try to reproduce the problem. In order to do that I'll need the exact request that is causing the response (ideally the curl command to run). Could you provide that information, please? |
When the request is made from the browser, it sends a pre-flight
This results in browsers being unable to communicate with the CB, even though CORS is enabled. |
I did the following test. Orion runs this way:
I do the following curl:
The response I get is 200 OK
But maybe I'm not running Orion the same way. Could you confirm how do you run it (i.e. |
Sure, our instance is started using this command:
For added info, it's version 1.7.0 |
@cgillions the version you are using is pretty old and the OPTIONS header is not supported. OPTIONS header support was included around version 1.13.0. Thus, the solution is easy: update Context Broker. I'd recommend you to do it to the most recent version at this moment (i.e. 2.2.0). |
I think the problem reported by @cgillions is solved with my last comment but with regards to the original problem described in the body of the issue, @IgorDespot could provide the exact request that is causing the response (ideally the curl command to run), please? |
Hi,
I have an issue with cors when making calls to Fiware Orion.
The version of Fiware Orion.
Error problem,
Access to XMLHttpRequest at 'http://xxxx/v2/op/update' from origin 'xxxx' has been blocked by CORS policy: Request header field fiware-service is not allowed by Access-Control-Allow-Headers in preflight response.
Example of code used:
Sorry for bad code format. Can you tell me what is happening because I have cors enabled and had no issue on my current version of Orion until this type of call that comes from the browser?
The text was updated successfully, but these errors were encountered: