Hi I'm new on OCaml community :) ,

I've detect this issue while I've worked on school project.

When my Opium/ OCaml App raise an exception it give an Internal server Error with theses informations :

Code : 500
Response Body : "Internal Server Error"
Response Headers: {
Content-Length : 21
}

JS interpret this response as CORS problem due to the missing 'Access-Control-Allow-Origin' children in the header.

Access to fetch at 'http://localhost:3030/entreprise' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

To me it should be an issue for JS, but it could be great if Internal Server Error while an exception gives the sames generic response headers as it's configured in the app.

So if I provide my middleware like :

let app = App.empty 
|> App.port 3030 
|> App.cmd_name Infra.Environment.app_name 
|> App.middleware (Middleware.logger)
|> App.middleware (Middleware.allow_cors ~origins:["*"] ~expose:[ "*"]  ())
|> Api.add_routes

it should give ' Access-Control-Allow-Origin:"*" ' on any response header.

As I'm new it could be already done, but if it's not I'm happy to report this issue,

Cheers,
Florian