Cannot set CORS allowed headers. #261
Labels
bug
Something is not working.
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Preflight checklist
Describe the bug
Hello,
First off, thanks for the great package, I've loved my past experience with Ory OSS.
I'm having an issue in my project using the
ory proxy. I'm using a react application to talk to the ory proxy and I have a third party client library that is trying to request CORS headers:Authorization(note capital 'A') andX-Request-Idwith anOPTIONSpre-flight, which the ory proxy dis-allows as these arenon-standardheaders.I haven't wrote a lick of Go really, but it looks like this is the suspect line:
cli/cmd/cloudx/proxy/proxy.go
Line 254 in e5582fd
Reproducing the bug
Make an OPTIONS request to the
ory proxyfor a non-standard Cors header.Ex.
Access-Control-Request-Headers: authorization,x-request-idRelevant log output
[cors] 2022/11/07 20:23:51 Handler: Preflight request [cors] 2022/11/07 20:23:51 Preflight aborted: headers '[Authorization X-Request-Id]' not allowedRelevant configuration
A slight tangent. I tried using the
-cflag to set a config file, but I get a json parse error for the.yaml, like it's not expectingyamlfor some reason, but json, when all the docs show.yamlconfig files?I'm also not sure if the proxy respects any of those config values.
I also hoped that maybe setting the env variable SERVE_WRITE_CORS_ALLOWED_HEADERS='["content-type", "authorization", "Authorization", "X-Request-Id"]' would do it, but to no avail.
Version
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
No response
Additional Context
I'm not an expert on CORS or the
ory proxyso I may be missing something obvious to forward theOPTIONScall to my down-stream server?Or potentially a way for
ory proxyto just ignore OPTIONS and forward to the down-stream server?The text was updated successfully, but these errors were encountered: