When using a browser to request a resource from IPFS, the browser uses a preflight request with a content-type header. So without content-type in the allowed list, the request will fail.

This shouldn't be necessary according to the second paragraph here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

I am developing a web site, and from that web site there is a request that links to an IPFS gateway. So it is a CORS request. But without content-type added to the allowed headers in the IPFS config, the request fails. The following message is from Chrome. It's the same in Firefox.

Access to fetch at 'http://localhost:8080/ipfs/QmYwdHKn3bGePULMqhqmTiM2JjQPEc8sYwEuDYDaa2DP6r' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

| "Content-Range", | ||
| "X-Chunked-Output", | ||
| "X-Stream-Output", | ||
| "content-type" |
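Review bot: the added "content-type" entry at the end of this list is lower-case while the entries above it ("Content-Range", "X-Chunked-Output", "X-Stream-Output") use canonical casing; browsers compare header names case-insensitively, so behaviour is unchanged, but "Content-Type" keeps the list uniform. A short comment on that line saying why the header is listed (a cross-origin request that sets Content-Type to a value other than form data or plain text is preflighted) would help the next reader, and the line should end with a comma like its neighbours if the list closes on the following line.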
| "content-type" | |
| "Content-Type", |
(to be consistent)
Also needs to end with a comma.

Ah, I see. That only applies to form data and text. I assume you're trying to write to a writable gateway, right? @lidel or @hsanjuan you both know more about this than I do, does this look correct? That is, should users be able to POST with arbitrary content types to a writable gateway. As far as I can tell, the answer is yes.

No. It's just a GET request. Just it's a CORS request.

Wait, are you passing a Content-Type header?

I don't see anything wrong with this PR. The gateway sets correct Content-Type headers (well, So LGTM (after the small consistency change).

Also, might kill this one too #5138

fixes #5138 -- always add user-agent to access-control-allow-headers.
fixes #5888 -- same with content-type.
fixes #5892 -- extend user-provided headers instead of overriding them.

License: MIT
Signed-off-by: Steven Allen <[email protected]>

I'm going to fix this all at once in #5893.

@popmanhe thanks for finding this.

When using a browser (Chrome, Firefox) to request a resource from IPFS, the browser uses a preflight request with a content-type header. So without content-type in the allowed list, the request will fail.
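
The preflight behaviour discussed in this thread, as an added example that is not part of the original PR or of the IPFS code: a simplified JavaScript model of the Fetch CORS rules showing why a GET that sets Content-Type is blocked until the header appears in Access-Control-Allow-Headers. The function names and the `application/json` value are assumptions; the thread does not say which Content-Type value the site sends.

```javascript
// Simplified model of the Fetch CORS rules that decide which request headers
// must be listed in Access-Control-Allow-Headers on the preflight response.
// Constructed for illustration; byte-level value checks and `range` are left out.
const SAFELISTED_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);
const ALWAYS_SAFE = new Set(["accept", "accept-language", "content-language"]);

// Header names that are not CORS-safelisted and therefore force a preflight.
function unsafeHeaderNames(headers) {
  const names = [];
  for (const [rawName, value] of Object.entries(headers)) {
    const name = rawName.toLowerCase();
    if (ALWAYS_SAFE.has(name)) continue;
    if (name === "content-type") {
      const essence = value.split(";")[0].trim().toLowerCase();
      if (SAFELISTED_TYPES.has(essence)) continue; // form data and text only
    }
    names.push(name);
  }
  return names.sort();
}

// Parse an Access-Control-Allow-Headers value into lower-cased names.
function parseAllowHeaders(value) {
  return new Set(value.split(",").map((h) => h.trim().toLowerCase()).filter(Boolean));
}

// Returns the header names the preflight response fails to allow.
// "*" covers everything except Authorization (non-credentialed requests assumed).
function blockedByPreflight(headers, allowHeadersValue) {
  const allowed = parseAllowHeaders(allowHeadersValue);
  return unsafeHeaderNames(headers).filter((n) =>
    allowed.has("*") ? n === "authorization" && !allowed.has(n) : !allowed.has(n));
}

// Constructed sample: a cross-origin GET that sets a non-safelisted Content-Type.
const request = { Accept: "*/*", "Content-Type": "application/json" };
const before = "Content-Range, X-Chunked-Output, X-Stream-Output";
const after = before + ", Content-Type";
console.log(blockedByPreflight(request, before)); // [ 'content-type' ]
console.log(blockedByPreflight(request, after)); // []
```

The same request with `Content-Type: text/plain`, or with no Content-Type header at all, needs no entry in the allow list, which matches the "only applies to form data and text" remark in the thread.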