Preflight CORS requests are not hadled correctly about audioserve HOT 12 CLOSED

Fix pushed to master

from audioserve.

@KodeStar pls update here if it is working for you.

from audioserve.

I’ve not tried it yet, been busy trying to add features and fix bugs, will try to build from master later today or tomorrow

from audioserve.

Any chance you could put out a release with this change in it? It will be much easier for me to test.

from audioserve.

@KodeStar - released latest master as v0.15.6. Can you confirm that CORS preflight is now working?

from audioserve.

I think we have a success, it's not complaining about cors any longer, now I just have to work out why what I'm trying to send isn't working :)

from audioserve.

Would it be possible to send the audioserve_token as a custom header instead of a cookie? The issue is, because the server and the frontend aren't on the same address it wont let me set the cookie. So all my subsequent requests to endpoints fail.

edit Nvm, I looked through the auth.rs code and realised it could be sent via an Authorization bearer token!

from audioserve.

@KodeStar,
Yes you can use Bearer token as well as cookie. In browser you can you send cookie even to different host (if it was setup by that host). I'm using it in development of default client (as it is convenient and you don't have manage the header yourself). Just need to add this option to XHR withCredentials: true - see https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials

from audioserve.

I was originally using axios and passing withCredentials: true but it didn't help, I have since got rid of axios and am just using fetch, I haven't tried it with that since I got it working by passing the bearer. However, when I tried it with axios I got this error in the browser https://imgur.com/Oa3C4go

This attempt to set a cookie via a Set-Cookie header was blocked because it had the "SameSite=Lax" attribute but came from a cross-site response which was not the response to a top-level navigation.

from audioserve.

@ Kodestar Hmm, this make sense - our cookie is now SameSite: Lax so it depends how login is initiated in browser. Problem is mainly for development, cause normally then client files and API are served from same location in production.
As I said it works for me now in FF for current client - probably the way login is initiated suits definition of "top-level navigation".

Anyhow if bearer token working for you it's good solution, as this will in both development and production set up. If there are still issues with CORS let me know, otherwise I think we can close this issue.

from audioserve.

Agreed :)

from audioserve.

CORS Headers looks working OK. However still some change needs to be done on cookie - created new issue fo this #64

from audioserve.