Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom header test failing #116

Open
nolanlawson opened this issue Sep 1, 2015 · 6 comments
Open

Custom header test failing #116

nolanlawson opened this issue Sep 1, 2015 · 6 comments
Labels
bug difficulty: medium has test case help wanted

Comments

@nolanlawson
Copy link
Member

In the PouchDB test suite, the "custom header" test is failing.

I would like to just whitelist all X-* headers, since this is apparently the correct CORS behavior (CouchDB and our proxy both do that), but unfortunately it seems to be an open unresolved issue in Corser: agrueneberg/Corser#2
@nolanlawson
Copy link
Member Author

You can only repro this by NOT using a proxy, btw.

@nolanlawson
Copy link
Member Author

A dumb solution that I can confirm works is to just add X-Custom to the list of allowed headers, but this is a dumb fix because it only works for that particular test.

@nolanlawson
Copy link
Member Author

I don't see a good way to fix this, and corser doesn't seem to be recently maintained. Maybe switch to https://github.com/expressjs/cors instead?

@nolanlawson
Copy link
Member Author

Easiest way to repro:

 curl -v 'http://localhost:6984/test_http/?_nonce=1441075737857' -X OPTIONS -H 'Access-Control-Request-Method: GET' -H 'Origin: http://localhost:8000' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36' -H 'Accept: */*' -H 'Referer: http://localhost:8000/tests/integration/?grep=custom%20header' -H 'Connection: keep-alive' -H 'Access-Control-Request-Headers: accept, x-custom' --compressed

Does not send back Access-Control-Allow-Headers, whereas this one does:

curl -v 'http://localhost:6984/test_http/?_nonce=1441075737857' -X OPTIONS -H 'Access-Control-Request-Method: GET' -H 'Origin: http://localhost:8000' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36' -H 'Accept: */*' -H 'Referer: http://localhost:8000/tests/integration/?grep=custom%20header' -H 'Connection: keep-alive' -H 'Access-Control-Request-Headers: accept' --compressed

@marten-de-vries
Copy link
Member

An alternative lib is ok with me it that's the only fix. The main thing would be integrating it with the config again, I imagine (but the current corser implementation probably gives a good idea how to do that.)

@nolanlawson
Copy link
Member Author

This bug can still be repro'd, although for whatever reason it's no longer the case that the PouchDB test suite is failing.

@arunp0 arunp0 mentioned this issue Oct 11, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug difficulty: medium has test case help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nolanlawson @marten-de-vries