Correct Syntax For Specifying Header Key Value Pairs
conradwt opened this issue · comments
Hi, I need to set the following two response headers instead of resorting to using allow_headers: :all for plug Corsica
:
Access-Control-Allow-Origin: https://studio.apollographql.com
Access-Control-Allow-Credentials: true
At this time, I have the following which doesn't work as expected:
plug Corsica,
expose_headers: [
"Access-Control-Allow-Origin": ["https://studio.apollographql.com"]
"Access-Control-Allow-Credentials": true
]
or
plug Corsica,
origins: ["https://studio.apollographql.com"],
allow_credentials: true
Hi @conradwt thanks for the report. In the first example you have http
and not https
(as you mention at the beginning).
In order to debug this I need more detail. What error are you getting? How are you verifying that Corsica is not adding the right headers? Where are you sticking the plug Corsica
call?
@whatyouhide First, I have updated the URL for the Origin. Next, I'm seeing the following error in the browser:
In the browser, I'm seeing the following error messages:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:4000/graphiql. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:4000/graphiql. (Reason: CORS request did not succeed).
Also, I'm not seeing these response headers within the Firefox Dev Tools -> Network tab. I'll see if I can understand what allow_headers: :all is doing in code.
I still don't have any code that you showed to work off of so still not going to be able to help much 😌
@whatyouhide Hi, here's a branch that contains the issue:
https://github.com/conradwt/zero-to-graphql-using-phoenix/tree/fix-cors
Hey @conradwt! Sorry if I wasn't clear. I need a minimal reproducing case or something really quick and easy to set up that lets me see the issue. Ideally, you can paste your endpoint/router here and the request you're making (with curl
, so it's easy to understand) and I can help you debug. Thank you in advance.
Closing this for inactivity. Feel free to reopen 🙃.