Message-ID: <1859981c-bf4e-4b2a-463e-01b40ad51cc0@priesch.co.at> Date: Tue, 7 Jun 2022 11:56:00 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: [issue2551203] Add support for CORS preflight request Content-Language: de-AT To: Roundup tracker References: <1654094311.12.0.815421970657.issue2551203@roundup.psfhosted.org> From: Marcus Priesch Organization: priesch.co.at - open source consulting In-Reply-To: <1654094311.12.0.815421970657.issue2551203@roundup.psfhosted.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi John, sorry for not answering for that long, but i was off for sick-leave :( Thanks for the patch, i have tested it and it works ! unsetting allowed_api_origins leads to a 400, setting it to * or http://localhost:8081 (where the frontend server is running) works :) so i think for this we can apply this patch and go ahead ;) btw: as per your request, here are the headers from the preflight request as seen from devtools: request: OPTIONS /t/rest/data/time_activity?@sort=name&@verbose=0&@fields=name,id,description,travel&is_valid=1 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9,de;q=0.8 Access-Control-Request-Headers: content-type,x-requested-with Access-Control-Request-Method: GET Cache-Control: no-cache Connection: keep-alive Host: localhost:8080 Origin: http://localhost:8081 Pragma: no-cache Referer: http://localhost:8081/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36  answer: HTTP/1.1 204 No Content Server: BaseHTTP/0.3 Python/2.7.18 Date: Tue, 07 Jun 2022 09:49:24 GMT Access-Control-Allow-Methods: OPTIONS, GET, POST Access-Control-Max-Age: 86400 Vary: Origin, Origin Allow: OPTIONS, GET, POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://localhost:8081 Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, X-HTTP-Method-Override thanks for the nice work and good support ! regards, marcus.