Correct Syntax For Specifying Header Key Value Pairs

Question

Correct Syntax For Specifying Header Key Value Pairs

conradwt opened this issue 3 years ago · comments

Hi, I need to set the following two response headers instead of resorting to using allow_headers: :all for plug Corsica:

Access-Control-Allow-Origin: https://studio.apollographql.com
Access-Control-Allow-Credentials: true

At this time, I have the following which doesn't work as expected:

plug Corsica,
  expose_headers: [
    "Access-Control-Allow-Origin": ["https://studio.apollographql.com"]
    "Access-Control-Allow-Credentials": true
  ]

or

plug Corsica,
    origins: ["https://studio.apollographql.com"],
    allow_credentials: true

Andrea Leopardi · Answer 1 · Thu Apr 08 2021 21:51:54 GMT+0800 (China Standard Time)

Hi @conradwt thanks for the report. In the first example you have http and not https (as you mention at the beginning).

In order to debug this I need more detail. What error are you getting? How are you verifying that Corsica is not adding the right headers? Where are you sticking the plug Corsica call?

Conrad Taylor · Answer 2 · Fri Apr 09 2021 04:22:49 GMT+0800 (China Standard Time)

@whatyouhide First, I have updated the URL for the Origin. Next, I'm seeing the following error in the browser:

In the browser, I'm seeing the following error messages:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:4000/graphiql. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:4000/graphiql. (Reason: CORS request did not succeed).

Also, I'm not seeing these response headers within the Firefox Dev Tools -> Network tab. I'll see if I can understand what allow_headers: :all is doing in code.

Andrea Leopardi · Answer 3 · Fri Apr 09 2021 15:41:22 GMT+0800 (China Standard Time)

I still don't have any code that you showed to work off of so still not going to be able to help much 😌

Conrad Taylor · Answer 4 · Sat Apr 10 2021 03:34:33 GMT+0800 (China Standard Time)

@whatyouhide Hi, here's a branch that contains the issue:

https://github.com/conradwt/zero-to-graphql-using-phoenix/tree/fix-cors

Andrea Leopardi · Answer 5 · Sun Apr 18 2021 00:25:56 GMT+0800 (China Standard Time)

Hey @conradwt! Sorry if I wasn't clear. I need a minimal reproducing case or something really quick and easy to set up that lets me see the issue. Ideally, you can paste your endpoint/router here and the request you're making (with curl, so it's easy to understand) and I can help you debug. Thank you in advance.

Andrea Leopardi · Answer 6 · Thu Sep 09 2021 14:54:49 GMT+0800 (China Standard Time)

Closing this for inactivity. Feel free to reopen 🙃.