CORS Preflight OPTIONS request returns "401 Unauthorized"

Question

CORS Preflight OPTIONS request returns "401 Unauthorized"

konstantinmuenster opened this issue 5 years ago · 2 comments

konstantinmuenster commented 5 years ago

Hi!

I am currently facing a problem regarding CORS preflight requests in my application. If I want to fetch user data from a protected JSON server route (600), it says the OPTIONS preflight request is missing an authorization header. Therefore, the GET request is not following afterwards and the fetching fails (although I added the correct Authorization header on the initial GET request).

That seems to be an issue with json-server-auth itself because the W3 specs states that a preflight OPTIONS request should never contain any authorization?

Answer 1 · 2020-06-01T17:43:03.000Z

You're right, I applied the guards to all HTTP methods, which is a mistake. Will fix.

Answer 2 · 2020-06-01T20:01:43.000Z

Fixed in v2.02 by 7b8d1a0