deco-cx/apps

Is AllowCors necessary to dynamic options loaders?

Opened this issue · 0 comments

guitavano commented

Issue Type

Please select the type of issue you are reporting:

  • Bug Report

Description

For dynamic options loaders, we are using this code to avoid CORS.

Object.entries(allowCorsFor(req)).map(([name, value]) => {
  ctx.response.headers.set(name, value);
});

However, requests from the admin panel should not encounter CORS problems.

Steps to Reproduce (for bugs)

  1. Run a store with deco and apps referenced
  2. Remove allowCors code from one of dynamic loaders
  • vtex/loaders/options/productIdByTerm.ts
  1. The dynamic options select will not work

Expected Behavior

Our admin should be able to do request to loaders without this allowCors explicity.