Multiple Header Support

[Jay206-Programmer]

In my web application, the Frontend needs to send multiple custom headers (Ex. username, userid, pagename, etc.) for authorization & other use cases.

The Normal Rest Api (GET, POST) communication with the server is working fine, but the Server Sent Event connection is giving CORS error in the preflight request.

I am using django-cord-headers together with eventstream cors flags to handle CORS. Here are my configs in the settings.py:

I believe that the CORS_ALLOWED_HEADERS doesn't work with eventstream. But also at the same time, the EVENTSTREAM_ALLOW_HEADER only takes one header as mentioned here.

What can I do if I want to allow multiple headers (Ex. username, pagename, userid) in the eventstream as well?

Below is my asgi.py file:

[jkarneges]

The docs are a little confusing. The EVENTSTREAM_ALLOW_HEADERS option is used as the value of the Access-Control-Allow-Headers response header. It is a single string value, but that value can be something like 'Header1, Header2'.

[nasir-fs]

@jkarneges I tried your suggestion but still getting CORS issues.
Access to resource at 'https://dev-communicationapi.cleverstack.in/api/events/' from origin 'http://localhost:3000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:3000,http://127.0.0.1:3000,https://cleverstack.in,https://dev-auth.cleverstack.in,https://home.cleverstack.in,https://dev-app.cleverstack.in,https://dev-communicationapi.cleverstack.in', but only one is allowed.

[jkarneges]

Access-Control-Allow-Origin is different from Access-Control-Allow-Headers. Probably only one value is allowed.