New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORS middleware not working as expected #2298
Comments
/bounty $75 |
💎 $75 bounty created by ZIO 👉 Add a bounty • Share on socials
|
The reason why there is no console output is misused allowedOrigin = {
case origin @ Origin.Value(_, host, _) =>
Console.printLine(s"*** host=$host") // discarded ZIO program
Some(AccessControlAllowOrigin.Specific(origin))
case _ =>
Console.print("*** Taking NONE path in CorsConfig ***") // discarded ZIO program
None
}, Replacing |
Also, make sure that you're sending a CORS request when testing the CORS headers.
|
/attempt #2298 Options |
Note The user @aadarsh-nagrath is already attempting to complete issue #2298 and claim the bounty. We recommend checking in on @aadarsh-nagrath's progress, and potentially collaborating, before starting a new solution. |
/attempt #2298 |
@aadarsh-nagrath: Reminder that in 7 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
@sankalp142002: Reminder that in 7 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
The bounty is up for grabs! Everyone is welcome to |
The middleware only sends the CORS headers in the response if the request contains an origin header: Here is an example from a test case that works if origin is present: testZ("/status returns CORS headers") {
val request = Request.get(URL.decode("/status").toOption.get)
.addHeader(Header.Origin("http", "localhost"))
restApiServer.app
.runZIO(request)
.map { response =>
assertEquals(
response.headers.get(Header.AccessControlAllowOrigin).map(_.renderedValue),
Some("http://localhost")
)
}
.provide(deps)
} IMO the behaviour of the middleware is correct. CORS rules don't apply to requests without an origin header (request not from a web browser). |
Describe the bug
Injecting CORS as middleware via the @@ operator does not seem to do anything.
To Reproduce
Steps to reproduce the behaviour:
// Create CORS configuration
val config: CorsConfig =
CorsConfig(
allowedOrigin = {
case origin@Origin.Value(_, host, _) => Console.printLine(s"*** host=$host");Some(AccessControlAllowOrigin.Specific(origin))
case _ => Console.print("*** Taking NONE path in CorsConfig ***");None
},
allowedMethods = AccessControlAllowMethods(Method.PUT, Method.DELETE, Method.GET),
)
val nonZIOsApp: App[Any] =
Http.collect[Request] {
case Method.GET -> Root / "hello" => Response.text("Hello World x 2!")
} @@ cors(config)
Expected behaviour
I would expect that I would see some console output indicating that the
config
object is being used as middleware and that an http testing client likepostman
would show me the header when the endpoint is invoked.WORKAROUND: Just use the
.addHeaders()
mechanism to add it per endpoint like so:case Method.GET -> Root / "hello" => Response.text("Hello World x 2!").addHeaders(myHeaders)
...where...
val corsHeader = Header.AccessControlAllowOrigin.All
val myHeaders = Headers(corsHeader)
The text was updated successfully, but these errors were encountered: