#http4k

s4nchez

12/06/2018, 11:42 AM
@xuemin.guan are you able to send the headers the server is sending back? My first guess is that you have the filter being applied twice, hence duplicating the header, but it's hard to tell without looking at how things are set up on your side.

xuemin.guan

12/06/2018, 2:37 PM
thanks Ivan for replying. I will share the information here once I have a chance.

John Norris

12/06/2018, 4:19 PM
Hi @s4nchez, I'm working with Xuemin on this. These are the details:
The browser "error" from this request:
Access to fetch at 'http://localhost:8001/api/v2/permissions' from origin 'https://www.dev.flexi.uk' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://www.google.com, https://www.bbc.co.uk', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
The response headers from this request:
access-control-allow-headers: content-type
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: https://www.google.com, https://www.bbc.co.uk
I think the specification for CORS says "Access-Control-Allow-Origin" ":" origin-list-or-null | "*", which seems to match the http4k implementation
However it goes on to say
In practice the origin-list-or-null production is more constrained. Rather than allowing a space-separated list of origins, it is either a single origin or the string "null".

s4nchez

12/06/2018, 4:23 PM
Yeap. It seems like the filter needs to take into account the Origin header coming from the client and return a single allowed origin, if that's in the list.
May I suggest copying the current filter to your codebase and modifying it to behave in such a way? If that works for you we're happy to incorporate the fix back in http4k.

John Norris

12/06/2018, 4:40 PM
Perfect. Yes we assumed the approach to resolve will be something like this 🙂 Great, we'll get it working locally, and then send you a pull request or whatever works best for you guys 👍

s4nchez

12/06/2018, 4:43 PM
Excellent. Let me know how things go, and if you want to submit a PR, even better 🙂

John Norris

12/07/2018, 1:31 PM
Hi @s4nchez we've created a pull request, which you can find here - https://github.com/http4k/http4k/pull/199 - Happy to discuss, just let us know 👍

s4nchez

12/07/2018, 1:34 PM
That looks ok to me. Did it work fine for your specific use case?

John Norris

12/07/2018, 1:44 PM
Yes we've written some tests that cover our use case, and we're pretty happy with them 🙂

s4nchez

12/07/2018, 1:45 PM
Cool. Merged then. Will be available on the next version. Are you in a hurry to remove your version from the codebase?

John Norris

12/07/2018, 1:49 PM
Great, thanks a lot 👍 We're not in a hurry really. Do you know when the next version might be released though?

s4nchez

12/07/2018, 1:58 PM
We'll release 3.103.2 with your fix today

John Norris

12/07/2018, 2:00 PM
Amazing 👌

s4nchez

12/07/2018, 2:06 PM
Thank you for the fix!

dave

12/07/2018, 2:29 PM
releasing now. should be in jcenter inside the next 20 minutes or so.