Access-Control-Allow-Headers wildcard rejected in Firefox #79

Open
vinyll opened this issue Feb 26, 2019 · 3 comments

@vinyll
Member

vinyll commented Feb 26, 2019

Similarly to #64, the implementation of 'Access-Control-Allow-Headers': '*' does not work on Firefox, rejecting with a preflight error.

Example sending Access-Control-Request-Headers: authorization in Firefox:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:3579/user. (Reason: missing token ‘authorization’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).[Learn More]

Works as expected on Chromium.
Also works on Firefox when explicitly using cors(app, "*", methods="*", headers=["Authorization"]) instead of headers="*"

@davidbgk
Contributor

@vinyll if you still have the use-case, can you provide a pull-request?

@vinyll
Member Author

vinyll commented Dec 14, 2019

I still have the use case and I use cors(app, "*", methods="*", headers=["*", "Authorization"]) in the app.
I can have a better look eventually :)
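
Added example, not code from this project or from the thread: a Python model of the header check in the Fetch standard's CORS preflight rules, under which `*` in Access-Control-Allow-Headers never covers `Authorization` and is treated as a literal name when the request includes credentials. The function names and the `x-request-id` sample header are assumptions made for illustration.

```python
# Added illustration: models the browser-side header check of a CORS preflight
# as the Fetch standard describes it. Not the project's own code.

NON_WILDCARD = {"authorization"}  # request headers that "*" never covers


def parse_list(value):
    """Split a comma-separated header value into lowercase names."""
    return {item.strip().lower() for item in value.split(",") if item.strip()}


def rejected_headers(request_headers, allow_headers, credentials=False):
    """Return requested header names the preflight response fails to allow.

    request_headers: value of Access-Control-Request-Headers
    allow_headers:   value of Access-Control-Allow-Headers in the response
    credentials:     True when the request is sent with credentials mode
                     "include"; "*" is then only a literal header name
    """
    allowed = parse_list(allow_headers)
    wildcard = "*" in allowed and not credentials
    rejected = []
    for name in sorted(parse_list(request_headers)):
        if name in allowed:
            continue  # listed explicitly (case-insensitive match)
        if wildcard and name not in NON_WILDCARD:
            continue  # covered by "*"
        rejected.append(name)
    return rejected


if __name__ == "__main__":
    # Constructed cases; x-request-id is a made-up custom header.
    cases = [
        ("authorization", "*", False),
        ("authorization", "Authorization", False),
        ("authorization, x-request-id", "*, Authorization", False),
        ("x-request-id", "*", True),
    ]
    for req, allow, creds in cases:
        print(f"{req!r} vs {allow!r} creds={creds}:",
              rejected_headers(req, allow, creds) or "allowed")
```

A preflight passes this check only when the returned list is empty.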

@davidbgk
Contributor

Do you think we should add these headers by default if methods="*"?
