✅ Access-Control-Allow-Headers allow "*" #500

HardCoreQual · 2022-07-14T19:55:59Z

HardCoreQual
Jul 14, 2022

in experss-zod-api has
response.set("Access-Control-Allow-Headers", "content-type");
but here also can be send and authorization for example, I think better solution is to have possibility send all cors settings in Config

RobinTail · 2022-07-15T18:41:53Z

RobinTail
Jul 15, 2022
Maintainer

I presume you're talking about this line:

https://github.com/RobinTail/express-zod-api/blob/master/src/endpoint.ts#L138

I agree. There could be more headers.

to have possibility send all cors settings in Config

What could these CORS setting look like in your opinion?

Should they configure these headers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#the_http_response_headers
? Or should there be something more than that?

@HardCoreQual

P.S. Thank you for your finding

0 replies

RobinTail · 2022-07-16T19:00:45Z

RobinTail
Jul 16, 2022
Maintainer

@HardCoreQual , please check out my PR #503 .
Would this be enough to fulfill your needs?

3 replies

HardCoreQual Jul 20, 2022
Author

Yes, thanks, I temporary switch project from createServer to attachRouting, but after this update, I can revert it :)

Can be bug that
ExpressZodEndpoidFactory.addExpressMiddleware(cors()) don't work // createServer
and is necessary to use expressApp.use(cors()) // attachRouting
or it work like expected ?

RobinTail Jul 20, 2022
Maintainer

Yes, thanks, I temporary switch project from createServer to attachRouting, but after this update, I can revert it :)

great, then I'll merge and release it soon.
Thank you.

Can be bug that
ExpressZodEndpoidFactory.addExpressMiddleware(cors()) don't work // createServer
and is necessary to use expressApp.use(cors()) // attachRouting
or it work like expected ?

the factory's method addExpressMiddleware() (and it's alias use()) add middleware to the endpoint.
Currently all these middlewares are executed before the endpoint's handler.
However, the OPTIONS request (which is the part of the CORS workflow) is not being handled by the endpoint's handler.
Its case is special in the current implementation and completely controlled by the cors option in the config.
So, yes, I think it's something that should be improved as well by running middlewares for the OPTIONS request.
But I need to figure out the best way to do it.
Thank you for reporting this. I'll make a separate issue out of it. @HardCoreQual

RobinTail Jul 21, 2022
Maintainer

Fixed in 7.6.1 🚀 @HardCoreQual

RobinTail · 2022-07-20T16:51:39Z

RobinTail
Jul 20, 2022
Maintainer

The feature released in version 7.5.0 🚀

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

✅ Access-Control-Allow-Headers allow "*" #500

{{title}}

Replies: 3 comments 3 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

✅ Access-Control-Allow-Headers allow "*" #500

HardCoreQual Jul 14, 2022

Replies: 3 comments · 3 replies

RobinTail Jul 15, 2022 Maintainer

RobinTail Jul 16, 2022 Maintainer

HardCoreQual Jul 20, 2022 Author

RobinTail Jul 20, 2022 Maintainer

RobinTail Jul 21, 2022 Maintainer

RobinTail Jul 20, 2022 Maintainer

HardCoreQual
Jul 14, 2022

Replies: 3 comments 3 replies

RobinTail
Jul 15, 2022
Maintainer

RobinTail
Jul 16, 2022
Maintainer

HardCoreQual Jul 20, 2022
Author

RobinTail Jul 20, 2022
Maintainer

RobinTail Jul 21, 2022
Maintainer

RobinTail
Jul 20, 2022
Maintainer