CORS error: browser SDK adds x-sdk-version header and browser blocks request to API server

[dogada]

I do passwordless login using AffinidiWallet.initiateSignInPasswordless using "@affinidi/wallet-browser-sdk": "^6.0.0-beta.20" and prod environment. After entering confirmation code sent by AWS Cognito, SDK generate DID and sends request to:

https://affinity-registry.prod.affinity-project.org/api/v1/did/anchor-did

However this request is blocked by browser because Affinidi's API server doesn't allow custom 'x-sdk-version' (it allows only Access-Control-Allow-Headers: Content-Type,Authorization,Api-Key). So request is blocked with following error:

https://affinity-registry.prod.affinity-project.org/api/v1/did/anchor-did' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field x-sdk-version is not allowed by Access-Control-Allow-Headers in
preflight response.

Then when you try to login again with same email, SDK send request to:
https://affinity-wallet-backend.prod.affinity-project.org/api/v1/keys/readMyKey

But because of previous problem, user is in broken state and this request also fails with "There is no key for this user." error message:

[HTTP/1.1 404 Not Found 809ms]

{"serviceName":"WAL","code":"WAL-1","message":"There is no key for this user.","context":{"userId":"2d03700f-bdd6-4dcc-8a90-3da625fdcd4a"},"originalError":{},"httpStatusCode":404,"endpointUrl":"/api/v1/keys/readMyKey","inputParams":{}}

[dogada]

You can see the error on demo site: https://fucr.dogada.org (try to sign in with email or phone)

[anton-iskryzhytskyi]

@dogada Thank you for raising the issue, we are investigating that and will be back with a response soon