CORS: Error Response Headers without access-control-allow-origin: *
NikitaIT opened this issue · comments
Swagger show CORS error instead of Error 400.
OS Version:
Chrome
Expected behavior
curl -X 'GET' \
'https://testnet.veblocks.net/accounts/015034aa590125b64023a0262112b98d72e3c8e40e' \
-H 'accept: application/json'
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-genesis-id
access-control-allow-methods: GET, POST, OPTIONS, HEAD
+ access-control-allow-origin: *
access-control-expose-headers: x-genesis-id,x-thorest-ver
access-control-max-age: 86400
...
Actual behavior
Errors without access-control-allow-origin: *
Ok
curl -X 'GET' \
'https://testnet.veblocks.net/accounts/0x5034aa590125b64023a0262112b98d72e3c8e40e' \
-H 'accept: application/json'
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-genesis-id
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: x-genesis-id,x-thorest-ver
access-control-max-age: 86400
...
Error 400: address: invalid prefix
curl -X 'GET' \
'https://testnet.veblocks.net/accounts/015034aa590125b64023a0262112b98d72e3c8e40e' \
-H 'accept: application/json'
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-genesis-id
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-expose-headers: x-genesis-id,x-thorest-ver
access-control-max-age: 86400
...
Steps to reproduce the behavior
Go to https://testnet.veblocks.net/accounts/015034aa590125b64023a0262112b98d72e3c8e40e
I think this is not the CORS issue. The error is Error 400: address: invalid prefix
, check the address you provided. It should be
- 015034aa590125b64023a0262112b98d72e3c8e40e
+ 0x5034aa590125b64023a0262112b98d72e3c8e40e
@libotony I checked the errors returned by the API. And in the case of a valid request(0x5034aa590125b64023a0262112b98d72e3c8e40e
), everything works fine as I indicated above. But if the request result is error (address: invalid prefix
), then there is no CORS header in it.
In my case, I want to extend the Swagger config to generate the client correctly. This requires a bit of config tweaking. But I can't test it quickly without proxy due to CORS.
responses:
'200':
description: OK
content:
application/json:
schema:
$ref: '#/components/schemas/Account'
'400':
description: Error
content:
text/plain:
schema:
format: 'ValidationError'
type: string
Sorry, I just got your point. You need access-control-allow-origin
to present even if it's a bad request right?
I'll look into that.