allow_headers config allways falls back to * #1133
Comments
|
read this: |
my issue is that I did not set |
|
@kaplanelad I'm completely desperate. The config seems to be ignored. Running this config: cors:
enable: true
# allow_credentials: true
allow_headers:
- content-type
- x-request-id
- x-powered-by
- content-length
- date
- connection
allow_origins:
- http://localhost:5173/
- http://localhost:5150and requesting, result in these headers in the response: I really don't know what I'm doing wrong here, since it looks right. Showing the config also looks right, but when actually running it, it seems like it's not applied correctly? |
|
One more thing: tower_http::cors::CorsLayer::new()
.allow_origin("http://localhost:5173".parse::<HeaderValue>().unwrap())
.allow_credentials(true)in which is correct. So I think this is 100% an issue with the config/how its applied. |
|
Thanks for the catch, @Mettwasser! Could you take a look at our setup here and help us identify what we might have missed? |
@kaplanelad No problem! I might have found something, alltho I am not sure. Unfortunately I don't have the time to investigate further. #[case("with_allow_headers", Some(vec!["token".to_string(), "user".to_string()]), None, None)]Then debugging the response variable, the |
|
@Mettwasser i'll check it |
|
Hi @Mettwasser, I've resolved this issue. Could you please test it by working with the cors-issues branch? Here's the link to the pull request for reference: #1152. Let me know if it resolves your problem! |
I'll get to it as soon as I can |
|
@kaplanelad doesn't seem like it's fixed. Still the same error, using server:
# Port on which the server will listen. the server binding is 0.0.0.0:{PORT}
port: 5150
# The UI hostname or IP address that mailers will point to.
host: http://localhost
# Out of the box middleware configuration. to disable middleware you can changed the `enable` field to `false` of comment the middleware block
middlewares:
static:
enable: false
must_exist: true
precompressed: false
folder:
uri: "/"
path: "frontend/build"
# fallback: "frontend/build/index.html"
cors:
enable: true
allow_credentials: true
allow_methods:
- GET
- POST
- PUT
- DELETE
- PATCH
- OPTIONS
allow_headers:
- content-type
- x-request-id
- x-powered-by
- content-length
- date
- connection
allow_origins:
- http://localhost:5173
- http://localhost:5150 |
|
Manually creating the CorsLayer works fine: CorsLayer::new()
.allow_origin(AllowOrigin::list([
"http://localhost:5173".parse::<HeaderValue>().unwrap(),
"http://localhost:5150".parse::<HeaderValue>().unwrap(),
]))
.allow_methods(AllowMethods::list([
axum::http::Method::GET,
axum::http::Method::POST,
axum::http::Method::PUT,
axum::http::Method::DELETE,
axum::http::Method::PATCH,
axum::http::Method::OPTIONS,
]))
.allow_headers(AllowHeaders::list([
HeaderName::from_lowercase(b"content-type").unwrap(),
HeaderName::from_lowercase(b"x-request-id").unwrap(),
HeaderName::from_lowercase(b"x-powered-by").unwrap(),
HeaderName::from_lowercase(b"content-length").unwrap(),
HeaderName::from_lowercase(b"date").unwrap(),
HeaderName::from_lowercase(b"connection").unwrap(),
]))
.allow_credentials(true) |
|
I copied your Cors configuration again, and the server is successfully running. Can you make sure that you are working with the update code? working from the master is good also, the PR was merged |
Description
The error in question:
This is the config I am using:
Additionally, running
cargo loco middleware --configyields this for corswhich does look right to me.
To Reproduce
Use the config shown above
Expected Behavior
Start without this config error
Environment:
development
The text was updated successfully, but these errors were encountered: