Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New version 9.x.x is causing Cors Erros #246

Closed
2 tasks done
RicardoGuiliani opened this issue Aug 2, 2023 · 2 comments · Fixed by #247
Closed
2 tasks done

New version 9.x.x is causing Cors Erros #246

RicardoGuiliani opened this issue Aug 2, 2023 · 2 comments · Fixed by #247

Comments

@RicardoGuiliani
Copy link

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.21.0

Plugin version

Tested on 9.0.0, 9.0.1 and 9.0.2

Node.js version

18.17.0

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

Debian 11

Description

After new version 9.x.x, fastify-cookie plugin is causing cors errors only when headers are added to request and it does not happen in previous versions. Before 9.x.x version, everything was working properly.

When I add headers to request, the fastify server returns cors error

Access to fetch at 'https://api.mydomain.com/users' from origin 'https://app.mydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

If I remove headers or remove fastify-cookie plugin, it works properly. It only happens on new 9.x.x version of fastify-cookie plugin

Steps to Reproduce

API Server:

import fastify from 'fastify';
import cors from '@fastify/cors';
import cookie from '@fastify/cookie';

const build = async (opts = {}) => {
  const app = fastify(opts);

  await app.register(cors, {
    origin: 'https://app.mydomain.com',
    credentials: true,
  });
  await app.after();

  await app.register(cookie, { secret: 'MySecretKey' });
  await app.after();

  // users route
  app.post('/users', async function (req, res) {
    const token = req.headers['x-token'];
    const body = req.body;

    res.send({ token, body });
  });

  return app;
};

const server = await build({ logger: true, trustProxy: true });

const start = async () => {
  try {
    await server.ready();
    await server.listen({ port: 3000 });
  } catch (err) {
    server.log.error(err);
    process.exit(1);
  }
};

await start();

Client Side Fetch Request:

(async () => {
    const res = await fetch('https://api.mydomain.com/users', {
        method: 'POST',
        credentials: 'include',
        body: 'mybodystring',
        headers: {
          'x-token': 'mytokenvalue',
        },
    });

    const data = await res.json();

    console.log(res);
    console.log(data);
 })();

Expected Behavior

I expect everything work properly as it was working on previous versions
@mcollina
Copy link
Member

mcollina commented Aug 2, 2023

Already fixed in #245, sending out a release right now

@mcollina mcollina closed this as completed Aug 2, 2023
@mcollina mcollina reopened this Aug 2, 2023
@mcollina
Copy link
Member

mcollina commented Aug 2, 2023

Unfortunately no, it's still broken.

@mcollina mcollina mentioned this issue Aug 2, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix support for response that does not set a cookie fastify/fastify-cookie
2 participants
@mcollina @RicardoGuiliani