lambda-api icon indicating copy to clipboard operation
lambda-api copied to clipboard

Published 20 hours ago verified publisher icon jeremydaly

CORS Error due to lowercase

Open Hobart2967 opened this issue 4 years ago • 4 comments
trafficstars

Firefox will not recognize cors headers due to them being lowercased:

https://github.com/jeremydaly/lambda-api/blob/0b753d855fd5be1f25b5291c78f25171d2151e19/lib/response.js#L68

Removing the "toLowerCase" fixes the issue.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://url.com/bla. (Reason: header ‘sentry-trace’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://url.com/bla. (Reason: CORS request did not succeed).

Hobart2967 avatar Feb 04 '21 10:02 Hobart2967

Added PR for this issue

Hobart2967 avatar Feb 04 '21 12:02 Hobart2967

Hi @Hobart2967. Lowercasing was done to be compatible with HTTP/2 and the change that Chrome made in version 60. See more here: https://github.com/elm/http/issues/31

I haven't looked into the status of the RFC or whether or not this has been reverted, but we can't just turn this off since it would break a number of existing applications. If you can share any updated research on this, then we can figure out a workaround that is backwards compatible.

jeremydaly avatar Feb 04 '21 13:02 jeremydaly

Got ya, but on the other hand you're dropping browser support. Will adjust the PR to make it configurable

Hobart2967 avatar Feb 08 '21 09:02 Hobart2967

See here: https://github.com/jeremydaly/lambda-api/pull/169

I added a configuration entry headerStyle that applies the non-compliant header styles.

Hobart2967 avatar Feb 08 '21 09:02 Hobart2967