Access-Control-Allow-Origin header is not present
lobo-tuerto opened this issue · 5 comments
Hello,
I've been using CorsPlug, but I'm missing a feature that Corsica already has: mschae/cors_plug#50
So this is my mix.exs
:
defp deps do
[
# ...
# CORS configuration
{:cors_plug, "~> 1.5"},
{:corsica, "~> 1.0"}
]
end
This is my endpoint.ex
:
# ...
#plug CORSPlug, origin: "http://localhost:8080"
plug Corsica, origins: "http://localhost:8080"
plug SomeApiWeb.Router
# ...
Here are my request/response headers in question using Corsica:
REQUEST:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Connection: keep-alive
Host: localhost:4000
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
RESPONSE:
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
content-length: 0
date: Mon, 16 Apr 2018 17:22:49 GMT
server: Cowboy
When uncommenting CORSPlug it works as intended, here are the results:
REQUEST:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.5
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Connection: keep-alive
Host: localhost:4000
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
RESPONSE:
HTTP/1.1 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin: http://localhost:8080
access-control-expose-headers:
access-control-max-age: 1728000
cache-control: max-age=0, private, must-revalidate
content-length: 0
date: Mon, 16 Apr 2018 17:26:07 GMT
server: Cowboy
vary: Origin
Do you know what's going on? If it serves for anything I'm using Axios as an HTTP client.
Also, this is in a newly created API only Phoenix app.
I even added :corsica
to the extra_applications
key in mix.exs
:
def application do
[
mod: {SomeApi.Application, []},
extra_applications: [:corsica, :logger, :runtime_tools]
]
end
Still, no luck...
See the :allow_headers
option. From the Corsica documentation:
:allow_headers
- a list of headers (as binaries) or:all
. This is the list of headers allowed in theaccess-control-request-headers
header of preflight requests. If a header requested by the preflight request is in this list or is a simple header (Accept, Accept-Language, or Content-Language), then that header is always allowed.
Something like
plug Corsica, origins: "http://localhost:8080", allow_headers: ["content-type"]
should work.
Also Corsica should log why it didn't accept the request. Doesn't it?
Hey, it worked!
And no, logging on error is not enabled by default (I read about that at the documentation link you kindly mentioned). You have to opt-in for logging.
So (finally), my working configuration looks like this:
plug Corsica,
origins: "http://localhost:8080",
log: [rejected: :error, invalid: :warn, accepted: :debug],
allow_headers: ["content-type"],
allow_credentials: true
Thank you!