Device agent does not respond with correct CORS headers

Question

Device agent does not respond with correct CORS headers

Closed this issue 8 months ago · 0 comments

Current Behavior

Bu default Node-RED will respond with the following CORS headers when an OPTIONS HTTP request is made to a HTTP-in/HTTP-response pair

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Vary: Access-Control-Request-Headers

If the editor route is changed (e.g. to device-editor) it no longer returns CORS headers unless the httpNodeCors settings directive is enabled as the default CORS behaviour is handled by the editor.

Expected Behavior

The device agent should set the httpNodeCors to match the defaults

Steps To Reproduce

Host an HTTP endpoint in a device agent
Make a HTTP request from a 3rd party webpage or make a http OPTIONS call to the endpoint

Environment

FlowFuse version: 2.2.0
Node.js version: 18.x
npm version: 9,x
Platform/OS: all
Browser: any