My API accepts a JWT within the "Authorization" header as a Bearer token. Per CORS my API should allow every origin, but also accept the "Authorization" header to authenticate client requests.
Client side I am getting the CORS error: “Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.”, while working with an Application Specification file, where I added a CORS "allow_origins" setting containing "regex: .*", thus allowing every origin.
Since "allow_headers" or "allow_methods" are not yet available in the App Specification, I can't set them and the problem resides.
To solve the problem mentioned above I'd need to set an "allow_headers" setting like so:
allow_headers:
- authorization
Additionally it'd be nice to set "allow_methods" like so:
allow_methods:
- post
- options
I think this is the only thing stopping me from migrating some staging environments from droplets to the app platform, which I'd love to do : ).
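An added example (not part of the original post and not the platform's own code): a simplified JavaScript model of the check a browser applies to a preflight response, showing why allowing every origin is not enough for a request that carries "Authorization". It goes slightly beyond the post by also covering a "*" value in Access-Control-Allow-Headers, which the Fetch standard does not apply to Authorization. The origin https://app.example and all function and variable names are assumptions made for illustration.

```javascript
// Added example: simplified model of a browser's CORS preflight check
// for a non-credentialed request. Content-Type is treated as always
// needing permission (a simplification of the real safelist rules).
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
// The Fetch standard never lets "*" stand in for Authorization.
const NON_WILDCARD = new Set(["authorization"]);

const parseList = (value) =>
  new Set((value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean));

function checkPreflight(request, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== request.origin) {
    return { allowed: false, reason: "origin not allowed by Access-Control-Allow-Origin" };
  }

  const methods = parseList(h["access-control-allow-methods"]);
  const method = request.method.toUpperCase();
  if (!SAFE_METHODS.has(method) && !methods.has(method.toLowerCase()) && !methods.has("*")) {
    return { allowed: false, reason: `method ${method} not allowed by Access-Control-Allow-Methods` };
  }

  const allowed = parseList(h["access-control-allow-headers"]);
  for (const raw of request.headers) {
    const name = raw.toLowerCase();
    if (SAFE_HEADERS.has(name) || allowed.has(name)) continue;
    if (allowed.has("*") && !NON_WILDCARD.has(name)) continue;
    return {
      allowed: false,
      reason: `Request header field ${name} is not allowed by Access-Control-Allow-Headers in preflight response.`,
    };
  }
  return { allowed: true, reason: "preflight passed" };
}

// Constructed sample: a POST with a Bearer token from a hypothetical origin.
const request = { origin: "https://app.example", method: "POST", headers: ["Authorization"] };
const originOnly = { "Access-Control-Allow-Origin": "https://app.example" };
const wildcard = { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Headers": "*" };
const explicit = { ...originOnly, "Access-Control-Allow-Headers": "authorization",
                   "Access-Control-Allow-Methods": "POST, OPTIONS" };

for (const [label, cfg] of Object.entries({ originOnly, wildcard, explicit })) {
  console.log(label, checkPreflight(request, cfg));
}
```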
I'm having the same problem. Unfortunately, it looks like they don't care.
Ah please is this going to be a thing? I can't migrate to the App Platform if my app is going to be rejected for not allowing an Authorization header, which is happening on staging right now.