DigitalOcean home
  • Droplets
  • Spaces
  • Kubernetes
  • Tools & Integrations
  • One-click Apps
  • API Documentation
  • Community
  • Tutorials
  • Q&A
  • Projects
  • Meetups
  • Customers
  • Pricing
  • Docs
  • Support
  • DigitalOcean home
  • Products
    • Droplets

      Scalable compute services.

    • Spaces

      Simple object storage.

    • Kubernetes

      Run managed Kubernetes clusters.

    • Tools & Integrations

      Automate your infrastructure.

    • One-click Apps

      Deploy pre-built applications.

    • API Documentation
  • Customers
  • Community
    • Community Overview

      Connect, share and learn

    • Tutorials

      DevOps and development guides

    • Questions & Answers

      Development and systems Q&A

    • Projects

      Community-built integrations

    Get Involved
    Write for DOnations
    Join us at a Meetup
    Featured Post
    An Introduction to Kubernetes

    by Justin Ellingwood

  • Pricing
  • Docs
  • Support
    • Documentation

    • Contact Support

    • Network Status

  • Home /
  • APPX-I-94 /
  • New idea
7 Vote

Apps: Add CORS options "allow_headers" and "allow_methods" to Application Specification

My API accepts a JWT within the "Authorization" header as a Bearer token. Per CORS my API should allow every origin, but also accept the "Authorization" header to authenticate client requests.

Client side I am getting the CORS error: “Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.”, while working with an Application Specification file, where I added a CORS "allow_origins" setting containing "regex: .*", thus allowing every origin.

Since "allow_headers" or "allow_methods" are not yet available in the App Specification, I can't set them and the problem resides.

To solve the problem mentioned above I'd need to set a "allow_headers" setting like so:

allow_headers:

- authorization

Additionally it'd be nice to set "allow_methods" like so:

allow_methods:

- post

- options

  • Nicklas Reincke
  • Nov 4 2020
  • Needs review
Apps
  • Comments (3)
  • Votes (7)
  • Attach files
  • Michael Schofield commented
    8 Jan 07:17pm

    I think this is the only thing stopping me from migrating some staging environments from droplets to the app platform, which I'd love to do : ).

    ×

    Attachments Open full size

  • Matthew commented
    8 Jan 02:31am

    I'm having the same problem, unfortunently, it looks like they don't care.

    ×

    Attachments Open full size

  • Michael Schofield commented
    7 Jan 06:08pm

    Ah please is this going to be a thing? I can't migrate to the App Platform if my app is going to be rejected for not allowing an Authorization header, which is happening on staging right now

    ×

    Attachments Open full size

Log in / Sign up

Identify yourself with your email address

Subscribe

You won't be notified about changes to this idea.

Related ideas

DigitalOcean home

© 2018 DigitalOcean, LLC. All rights reserved.
Proudly made in NY

  • Twitter
  • Facebook
  • Instagram
  • YouTube
  • LinkedIn
  • Glassdoor
Company
About
Leadership
Blog
Careers
Partner Network
Referral Program
Events
Press
Legal & Security
Products
Droplets
Spaces
Kubernetes
Tools & Integrations
One-click Apps
API
Pricing
Documentation
Release Notes
Community
Tutorials
Meetups
Q&A
Write for DOnations
Droplets for Demos
Hatch
Shop Swag
Research Program
Currents Research
Open Source
Support
Contact Support
FAQ
Network Status