Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

--cors not working

See original GitHub issue

XMLHttpRequest cannot load http://127.0.0.1:8081/feeds.json. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response

$ http-server --cors
Starting up http-server, serving ./
Available on:
  http://127.0.0.1:8081
  http://192.168.1.3:8081

Here are the headers:

Response Headers
access-control-allow-headers:Origin, X-Requested-With, Content-Type, Accept, Range
access-control-allow-origin:*
Connection:keep-alive
Date:Sun, 03 Sep 2017 07:51:28 GMT

Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:authorization
Access-Control-Request-Method:GET

This is the OPTIONS request in chrome that is failing.

Issue Analytics

State:
Created 6 years ago
Comments:29 (6 by maintainers)

Top GitHub Comments

32reactions

ralyodiocommented, Sep 11, 2017

I had to pass --cors=Authorization

15reactions

danieladams456commented, Sep 12, 2018

This is potentially unrelated to some of the more specific comments, but in general if you’re only testing in browser, the default caching of one hour can cause the non-cors response to be cached and fail to get the new cors response.