
CORS not working correctly when aot is false

Open yikkwongwong opened this issue 1 year ago • 1 comments

What version of Elysia.JS is running?

1.0.21

What platform is your computer?

Darwin 23.4.0 arm64 arm

What steps can reproduce the bug?

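import { Elysia } from "elysia";
import { cors } from "@elysiajs/cors";

// aot: false is the setting under which the header goes missing
const app = new Elysia({
  aot: false
}).use(cors({
  credentials: true,
})).get("/", () => "Hello Elysia").listen(3000);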

and do a curl localhost:3000 -X OPTIONS -v

The Access-Control-Allow-Credentials header is not set in the response. Upon digging into @elysiajs/cors, the app.headers(defaultHeaders) calls are not setting the headers when not in AOT mode.

What is the expected behavior?

CORS to be working properly with/without AOT.

What do you see instead?

CORS only works properly with AOT.

Additional information

No response

yikkwongwong avatar May 22 '24 08:05 yikkwongwong

Still a problem.

Scooter1337 avatar Sep 23 '24 20:09 Scooter1337

Same issue, the test passed when aot is disabled, failed when enabled.

import { describe, expect, it } from 'bun:test';
import Elysia from "elysia";
import { cors } from '@elysiajs/cors';

const app = new Elysia({ aot: false })
  .use(cors({
    origin: '*'
  }))
  .get('/up', 'ok')

describe('app is up', () => {
  it('request /up', async () => {
    const response = await app.handle(new Request('http://localhost/up'))
    const result = await response.text()
    expect(result).toBe('ok')
  })
})

shiny avatar Feb 06 '25 06:02 shiny

I have the same issue; I believe all defaultHeaders are impacted. A temporary workaround is to set the credentials header manually as such:

        .onRequest(({ set }) => {
            set.headers['access-control-allow-credentials'] = 'true';
        })

I am wondering what is happening behind the scenes with aot 🤔 Personally, I am running in Cloudflare Workers, so I am forced to set aot to false because it looks like it runs eval somehow, which is not allowed.

kabukki avatar Feb 07 '25 10:02 kabukki

Fixed with 8ca9775b12d7ba7aec4d495ca7234571a5778797, should be published under 1.3.9

You can try it out now on >= 1.3.9-beta.5

Closing as complete

SaltyAom avatar Aug 07 '25 14:08 SaltyAom
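
Added example, not part of the thread or of Elysia's code: a regression check for the preflight response that the original report inspected with curl, usable to confirm the workaround or the fix with aot on and off. The function names, the sample origin and the two stand-in responses are constructed for illustration; only the Fetch API globals (Request, Response, Headers) are assumed.

```javascript
// Build the preflight the report sent with `curl -X OPTIONS`, for app.handle().
function preflightRequest(url, origin, method = 'GET') {
  return new Request(url, {
    method: 'OPTIONS',
    headers: { Origin: origin, 'Access-Control-Request-Method': method },
  });
}

// Return a list of problems; empty means a browser would accept the response
// for a credentialed cross-origin request from `origin`.
function auditPreflight(response, origin) {
  const problems = [];
  const allowOrigin = response.headers.get('access-control-allow-origin');
  const allowCreds = response.headers.get('access-control-allow-credentials');

  // The symptom reported in this issue: the header is absent altogether.
  if (allowCreds === null) {
    problems.push('missing Access-Control-Allow-Credentials');
  } else if (allowCreds !== 'true') {
    // Browsers compare this value case-sensitively against "true".
    problems.push(`Access-Control-Allow-Credentials is "${allowCreds}"`);
  }

  if (allowOrigin === null) {
    problems.push('missing Access-Control-Allow-Origin');
  } else if (allowOrigin === '*') {
    // Browsers reject a wildcard origin on credentialed requests.
    problems.push('wildcard Access-Control-Allow-Origin with credentials');
  } else if (allowOrigin !== origin) {
    problems.push(`Access-Control-Allow-Origin is "${allowOrigin}"`);
  }
  return problems;
}

// Constructed stand-ins: one response without the credentials header, one with it.
const ORIGIN = 'https://app.example';
const affected = new Response(null, {
  status: 204,
  headers: { 'Access-Control-Allow-Origin': ORIGIN },
});
const fixed = new Response(null, {
  status: 204,
  headers: {
    'Access-Control-Allow-Origin': ORIGIN,
    'Access-Control-Allow-Credentials': 'true',
  },
});
console.log(auditPreflight(affected, ORIGIN));
console.log(auditPreflight(fixed, ORIGIN));
```

Against a real app, pass `await app.handle(preflightRequest('http://localhost/', ORIGIN))` as the response, once for an instance created with `aot: false` and once with the default.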