mbin icon indicating copy to clipboard operation
mbin copied to clipboard
verified publisher icon MbinOrg

GET to /authorize and POST /token does not have CORS headers

Open aeharding opened this issue 6 months ago • 0 comments

Describe the bug

Anything not under /api (such as /authorize and /token) don't have CORS headers.

On which Mbin instance did you find the bug? fedia.io

Which Mbin version was running on the instance? 1.8.2

To Reproduce Steps to reproduce the behavior:

Do the authorize flow. on a POST to /token, observe CORS headers are not set.

CORS headers are necessary for 3rd party webapps.

Expected behavior

CORS on /token and /authorize

Screenshots

Image

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser: [e.g. chrome, safari]
  • Browser Version: [e.g. 123]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser: [e.g. stock browser, safari]
  • Browser Version: [e.g. 123]

Additional context Add any other context about the problem here.

aeharding avatar Jul 12 '25 17:07 aeharding