node-slack-sdk icon indicating copy to clipboard operation
node-slack-sdk copied to clipboard

Published 20 hours ago verified publisher icon slackapi

Web-API CORS Issue with Authorization Header

Open kaandok opened this issue 2 years ago • 2 comments

We're developing a browser application that uses @slack/web-api package to interact with the Slack API. As part of the change in https://github.com/slackapi/node-slack-sdk/pull/1337, auth token is now being sent in the Authorization header, however Slack API endpoints do not return this header as part of Access-Control-Allow-Headers in preflight requests.

This causes any version of @slack/web-api including and above 6.5.0 to not work in a browser environment. Versions 6.4.0 and below work as they send the token in the request body.

Is it possible to make this behavior (send in the body vs. the header configurable) or alternatively is it possible for Slack API endpoints to return the Authorization header as part of the Access-Control-Allow-Headers list in the preflight response?

Packages:

@slack/web-api

Reproducible in:

The Slack SDK version

6.5.0 and above

Node.js runtime version

16.15.1

OS info

any OS, Chrome latest version

Steps to reproduce:

  1. Use @slack/web-api v.6.5.0 or above to send a request to Slack API in a browser environment

Expected result:

@slack/web-api should work in a browser environment

Actual result:

@slack/web-api does not work in a browser environment

Requirements

For general questions/issues about Slack API platform or its server-side, could you submit questions at https://my.slack.com/help/requests/new instead. :bow:

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.

kaandok avatar Jul 03 '22 12:07 kaandok

Hi @kaandok, thanks for writing in. I don't think that this project will add such a customization at least in the short term. If you need this right now, I would suggest creating your own small HTTP client for it.

seratch avatar Jul 03 '22 23:07 seratch

👋 It looks like this issue has been open for 30 days with no activity. We'll mark this as stale for now, and wait 10 days for an update or for further comment before closing this issue out. If you think this issue needs to be prioritized, please comment to get the thread going again! Maintainers also review issues marked as stale on a regular basis and comment or adjust status if the issue needs to be reprioritized.

github-actions[bot] avatar Aug 08 '22 00:08 github-actions[bot]

Thanks again for your time and interest here. Unfortunately, we are not planning to take any actions at least in the short term. Let us close this issue now.

seratch avatar Aug 15 '22 05:08 seratch