-
-
Notifications
You must be signed in to change notification settings - Fork 22
-
-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ory proxy
exposes duplicate cors headers when already configured upstream
#344
Comments
Hey - awesome find! Would you mind creating a PR for this? :) Looks like you already have the diff :) |
I am running into the same problem for ory tunnel, what is the current state of this issue? |
Didn't have time to fix this unfortunately, but you should be able to apply the patch locally (assuming things didn't change much) and build the binaries. Otherwise a PR fix would be ideal for the maintainers. |
I disabled CORS for my Ory project using the Ory CLI and that fixed my problem
|
Preflight checklist
Ory Network Project
https://goofy-dewdney-rri0sodzzj.projects.oryapis.cojm
Describe the bug
We have a use-case to use the
ory proxy
auxiliary function to proxy our dev environment locally along with the ory session handler. This enables frontend developers to work on the UI while being authenticated correctly.The issue arises when upstream services already handle CORS headers for you. The proxy will add it's own CORS headers as part of the proxy middleware, which results in duplicate headers, causing CORS to fail in the browser. The only solution right now was to fork and patch the cli with the following patch.
Reproducing the bug
ory proxy
:ory proxy --dev --project goofy-dewdney-rri0sodzzj $upstream
This will result in you getting redirected to http://localhost:3000/, which will fetch an api endpoint through the proxy. The response of the proxied request will contain duplicate CORS headers, leading to CORS failure in the browser.
Relevant log output
No response
Relevant configuration
No response
Version
Version: v0.3.4 Git Hash: 654e498 Build Time: 2024-02-10T10:29:21Z
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Binary
Additional Context
No response
The text was updated successfully, but these errors were encountered: