CORS issue when using additional headers
netgfx opened this issue · comments
Runtime
browser
Runtime version
125.0.6422.142
Module version
21.3.10
Last module version without issue
No response
Used with
hapi
Any other relevant information
const server = Hapi.server({
port: 3000,
host: 'localhost',
"routes": {
"cors": {
"origin": ["*"],
"additionalHeaders": ["Ngrok-Skip-Browser-Warning"]
}
}
});
I have setup a nodejs app with hapi endpoints, and exposed them through ngrok
I'm sending the extra header Ngrok-Skip-Browser-Warning to avoid the warning page of ngrok, but I get response CORS error on preflight
Access to fetch at 'https://....ngrok-free.app/screenshot?url=https://www.git-scm.com/' from origin 'https://something.something.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://something.something.app, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I have also tried cors: true but then it says that there is an extra header present and still fails.
API request from postman works correctly.
What are you trying to achieve or the steps to reproduce?
Making a simple fetch request towards the endpoint
fetch(${API_URL}/screenshot?url=${data.url}
, {
method: "GET",
headers: {
"Content-Type": "application/json",
"ngrok-skip-browser-warning": "any",
},
})
What was the result you got?
Access to fetch at 'https://....ngrok-free.app/screenshot?url=https://www.git-scm.com/' from origin 'https://something.something.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'https://something.something.app, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
What result did you expect?
No cors error
This seems like a usage or integration issue with ngrok.
We don't support ngrok, so if you think there is a bug in hapi, please isolate the issue to it.
That might be the case yes. I ended up switching to another library that probably has ngrok support since it was needed in my use case.