fastify-static icon indicating copy to clipboard operation
fastify-static copied to clipboard

Published 20 hours ago verified publisher icon fastify

Cors headers not set on static site response

Open sarunluitel opened this issue 3 years ago • 1 comments

Prerequisites

  • [X] I have written a descriptive issue title
  • [X] I have searched existing issues to ensure the bug has not already been reported

Fastify version

3.29

Plugin version

5.0.2

Node.js version

16

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

ubuntu 20.04

Description

I am using @fastify/cors, @fastify/helmet and @fastify/static on a project. I have set helmet and cors for all endpoints in the project. All other endpoints return response with header:

access-control-allow-origin : https://www.domain.com

but not the response sent from reply.sendFile for static file serve. The headers from helmet are present on the sendFile response

Steps to Reproduce

server.register(fastifyHelmet); // for best practice headers
server.register(fastifyCors, {
  origin: ['https://www.domain.com', 'https://dev.domain.com'],
  credentials: true,
});
server.register(staticFileServe,{
  root: join(__dirname, '../uploads'),
});

// later on the send endpoint
res.code(200).sendFile('path/to/file');

Expected Behavior

response header should have a header access-control-allow-origin : https://www.domain.com

sarunluitel avatar May 14 '22 21:05 sarunluitel

Can you provide steps to reproduce? We often need a reproducible example, e.g. some code that allows someone else to recreate your problem by just copying and pasting it. If it involves more than a couple of different file, create a new repository on GitHub and add a link to that.

mcollina avatar May 14 '22 22:05 mcollina