CORS request did not succeed, missing CORS header (mjml/api)
nicolasb827 opened this issue · comments
Describe the bug
I am trying to call api from a vue3 client app from firefox.
To Reproduce
Steps to reproduce the behavior:
- send OPTIONS request to API
- See error
There is no Access-Control-Allow-Origin in anwser. So POST request is denied.
Expected behavior
There should be
"Access-Control-Allow-Origin: localhost:8080" or "Access-Control-Allow-Origin: *"
MJML environment (please complete the following information):
- OS: MacOS
- MJML API V1 https://api.mjml.io/v1/render
- VUE3 / Curl
Email sending environment(for rendering issues):
N/A
Affected email clients (for rendering issues):
- Browser ALL
Screenshots
# curl -v 'https://api.mjml.io/v1/render' -X OPTIONS -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0' -H 'Accept: */*' -H 'Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3' -H 'Accept-Encoding: gzip, deflate, br' -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: authentication,content-type' -H 'Referer: http://localhost:8080/' -H 'Origin: http://localhost:8080' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: cross-site' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache'
* About to connect() to api.mjml.io port 443 (#0)
* Trying 146.148.121.109...
* Connected to api.mjml.io (146.148.121.109) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=mjml.io
* start date: Mar 12 17:31:17 2024 GMT
* expire date: Jun 10 17:31:16 2024 GMT
* common name: mjml.io
* issuer: CN=R3,O=Let's Encrypt,C=US
> OPTIONS /v1/render HTTP/1.1
> Host: api.mjml.io
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
> Accept: */*
> Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
> Accept-Encoding: gzip, deflate, br
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: authentication,content-type
> Referer: http://localhost:8080/
> Origin: http://localhost:8080
> DNT: 1
> Connection: keep-alive
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: cross-site
> Pragma: no-cache
> Cache-Control: no-cache
>
< HTTP/1.1 200 OK
< x-mj-request-guid: a20ec5dd-1865-4350-b501-2e31282c50c2
< date: Tue, 09 Apr 2024 09:02:26 GMT
< content-length: 71
< content-type: text/plain; charset=utf-8
<
Preflight aborted: headers '[Authentication Content-Type]' not allowed
* Connection #0 to host api.mjml.io left intact
*
Additional context
Your API keys will leak client side, so that's why CORS are not allowed for the API.
Hum, so it is not possible to integrate it directly from client side ? ....
ok, i will proxy the call, thank you.