<@UDLCP0K9T> are you able to send the headers the ...
# http4ks
s4nchez
12/06/2018, 11:42 AM@xuemin.guan are you able to send the headers the server is sending back? My first guess is that you have the filter being applied twice, hence duplicating the header, but it's hard to tell without looking at how things are setup on you side.
x
xuemin.guan
12/06/2018, 2:37 PMthanks Ivan for replying. I will share the information here once I have a chance.
j
John Norris
12/06/2018, 4:19 PMHi @s4nchez, I'm working with Xuemin on this. These are the details:
John Norris
12/06/2018, 4:19 PMThe browser "error" from this request:
Copy code
Access to fetch at '<http://localhost:8001/api/v2/permissions>' from origin '<https://www.dev.flexi.uk>' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '<https://www.google.com>, <https://www.bbc.co.uk>', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. Copy code
access-control-allow-headers: content-type
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: <https://www.google.com>, <https://www.bbc.co.uk>John Norris
12/06/2018, 4:21 PMI think the specification for CORS says
"Access-Control-Allow-Origin" ":" origin-list-or-null | "*"John Norris
12/06/2018, 4:21 PMJohn Norris
12/06/2018, 4:21 PMHowever it goes on to say
In practice the origin-list-or-null production is more constrained. Rather than allowing a space-separated list of origins, it is either a single origin or the string "null".s
s4nchez
12/06/2018, 4:23 PMYeap. It seems like the filter needs to take into account the
Origins4nchez
12/06/2018, 4:25 PMMay I suggest copying the current filter to your codebase and modifying it to behave in such way? If that works for you we're happy to incorporate the fix back in http4k.
j
John Norris
12/06/2018, 4:40 PMPerfect. Yes we assumed the approach to resolve will be something like this ๐ Great, we'll get it working locally, and then send you a pull request or whatever works best for you guys ๐
s
s4nchez
12/06/2018, 4:43 PMExcellent. Let me know how things go, and if you want to submit a PR, even better ๐
๐ 1
j
John Norris
12/07/2018, 1:31 PMHi @s4nchez we've created a pull request, which you can find here - https://github.com/http4k/http4k/pull/199 - Happy to discuss, just let us know ๐
s
s4nchez
12/07/2018, 1:34 PMThat looks ok to me. Did it work fine for your specific use case?
j
John Norris
12/07/2018, 1:44 PMYes we've written some tests that cover our use case, and we're pretty happy with them ๐
s
s4nchez
12/07/2018, 1:45 PMCool. Merged then. Will be available on the next version. Are you in a hurry to remove your version from the codebase?
j
John Norris
12/07/2018, 1:49 PMGreat, thanks a lot ๐ We're not in a hurry really. Do you know when the next version might be release though?
s
s4nchez
12/07/2018, 1:58 PMWe'll release 3.103.2 with your fix today
j
John Norris
12/07/2018, 2:00 PMAmazing ๐
s
s4nchez
12/07/2018, 2:06 PMThank you for the fix!
d
dave
12/07/2018, 2:29 PMreleasing now. should be in jcenter inside the next 20 minutes or so.
3 Views