Cors behavour? #151

ChillFish8 · 2021-12-31T15:54:06Z

ChillFish8
Dec 31, 2021

I've been playing around accessing an API created with poem which has to go through CORS.

The issue I've ran into is with the following setup of cors:

            Cors::new()
                .allow_origins(["http://127.0.0.1:3000", "http://localhost:3000"])
                .allow_header("*")
                .allow_methods([Method::GET, Method::POST, Method::DELETE, Method::OPTIONS])
                .allow_credentials(true)

But when trying to access an endpoint with the required authorization. The preflight check gets rejected with 401 Unauthorized which of course causes a CORS failure on the browser.

Is this intended? Im not sure if I'm missing some setting on the cors middleware or something with CORS but this feels slightly un-natural.

Answered by sunli829

Dec 31, 2021

remove this line:

.allow_header("*")

View full answer

sunli829 · 2021-12-31T16:09:23Z

sunli829
Dec 31, 2021
Maintainer

remove this line:

.allow_header("*")

1 reply

ChillFish8 Dec 31, 2021
Author

😓 Yup that would do it. 🙏 Thank you

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cors behavour? #151

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Cors behavour? #151

ChillFish8 Dec 31, 2021

Replies: 1 comment · 1 reply

sunli829 Dec 31, 2021 Maintainer

ChillFish8 Dec 31, 2021 Author

ChillFish8
Dec 31, 2021

Replies: 1 comment 1 reply

sunli829
Dec 31, 2021
Maintainer

ChillFish8 Dec 31, 2021
Author