Fairing CORS fails preflight check

Question

Fairing CORS fails preflight check

matthias-Q opened this issue 2 years ago · comments

I have configured rocket_cors the following way (following the fairing example):

let cors = CorsOptions {
        allowed_origins,
        allowed_methods: vec![Method::Get, Method::Post, Method::Delete, Method::Patch]
            .into_iter()
            .map(From::from)
            .collect(),
        allowed_headers: AllowedHeaders::some(&["Authorization", "Accept"]),
        allow_credentials: true,
        ..Default::default()
    }
    .to_cors()
    .unwrap();

//...//

rocket.build().attach(cors)

However, when I want to make a PATCH call from my yew.rs webapp using reqwasm I get an OPTION 403. What do I miss here?

Rocket with log = "debug" says:

   >> CORS Error: Headers are not allowed
GET /cors/403:
   >> Matched: GET /cors/<status>
   >> Outcome: Failure
   >> No 403 catcher registered. Using Rocket default.
   >> Response succeeded.

I am using rocket=0.5.0.rc.1 and the master branch of rocket_cors

Matthias Q · Answer 1 · Mon Jun 13 2022 04:46:25 GMT+0800 (China Standard Time)

Removing the allowed_headers did the trick. I missed that using the wildcard and having