Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Bug with access-control-allow-origin not splitting origins properly

See original GitHub issue

Hey people, thanks for the awesome work with testcafe, today I had an issue and started digging into the code, here is what I found:

Looks like the specified way to define the access-control-allow-origin attribute is separating them by comma followed by a space here.

With that being said, seems like castArray from lodash is not the proper function for this use case https://github.com/DevExpress/testcafe-hammerhead/blob/1aba97d0f2d1a973a0786d73b66408446bb284b3/src/request-pipeline/xhr/same-origin-policy.js#L21

When debugging locally, I found that actually what happens is the following:

castArray('localhost:3000, *')
[ 'localhost:3000, *' ]

Instead of

> castArray('localhost:3000, *')
[ 'localhost:3000', '*' ]

It creates a bug when checking if the request origin is included in the array or when checking if it’s wildcardAllowed: https://github.com/DevExpress/testcafe-hammerhead/blob/1aba97d0f2d1a973a0786d73b66408446bb284b3/src/request-pipeline/xhr/same-origin-policy.js#L35 https://github.com/DevExpress/testcafe-hammerhead/blob/1aba97d0f2d1a973a0786d73b66408446bb284b3/src/request-pipeline/xhr/same-origin-policy.js#L22

What do you guys think? Am I missing something here?

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:7 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
miherlosevcommented, Aug 9, 2018

Hi @Nipher

Yes, it’s a bug. Thank you for the detailed investigation.

0reactions
lock[bot]commented, Mar 28, 2019

This thread has been automatically locked since it is closed and there has not been any recent activity. Please open a new issue for related bugs or feature requests. We recommend you ask TestCafe API, usage and configuration inquiries on StackOverflow.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Bug related to CORS - No Access Control Allow Origin
I created a web api in .net core 3.1. It is deployed on iis 8.5 InProcess. Configured CORS: services.AddCors(); services.AddControllers.... and
Read more >
3 Ways to Fix the CORS Error — and How the Access-Control ...
Fix one: install the Allow-Control-Allow-Origin plugin. The quickest fix you can make is to install the moesif CORS extension .
Read more >
[BUG] Rocket chat will always set header Access-Control ...
It will always include 'Access-Control-Allow-Origin'. The thing is that this way you can not do websocket, Rest-Api or RealTimeApi request.
Read more >
Reason: CORS header 'Access-Control-Allow-Origin' missing
The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the ...
Read more >
Troubleshooting FAQs for Recordings - Hotjar Documentation
Why do Recordings appear to be split or stop abruptly? Why do the pages look broken/no CSS loading? Why isn't Hotjar capturing any...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Mootools errors from testcafe seem to cause a button to not function after clicking it

Next page

[RequestHook]: add methods for manipulation with response headers