Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS_ORIGIN doesn't support a comma separated value contrary to what's stated in the docs #158

Closed
gamedevsam opened this issue Oct 31, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@gamedevsam
Copy link

Describe the bug

Providing a comma separated list of URLS to the CORS_ORIGIN env var results in the following error on browser clients:

Access to fetch at '[REDACTED]' from origin '[REDACTED]' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '[REDACTED],[REDACTED]', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I expected this to work since the documentation states:

Origin URL or list of comma separated list of URLs to whitelist for CORS

Steps to reproduce the bug

  1. Create an Unleash proxy with CORS_ORIGIN containing two domains
  2. Access the proxy via a browser on either domain
  3. Notice the error

Expected behavior

I expected this to work since the documentation states:

Origin URL or list of comma separated list of URLs to whitelist for CORS

Logs, error output, etc.

Access to fetch at '[REDACTED]' from origin '[REDACTED]' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '[REDACTED],[REDACTED]', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.


### Screenshots

_No response_

### Additional context

_No response_

### Unleash version

2.5.0

### Subscription type

Open source

### Hosting type

Self-hosted

### SDK information (language and version)

_No response_
@gamedevsam gamedevsam added the bug Something isn't working label Oct 31, 2023
@gamedevsam
Copy link
Author

Nevermind, turns out we were using a very old version of @unleash/proxy, my mistake.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant