"Error: Headers Authorization forbidden" in CORS
Hey,
I have a test running with jsdom, in which I’m sending a cross-origin request with an Authorization header (I’m using nock to mock the server).
As expected, an OPTIONS preflight request is sent.
However, I’m receiving an exception saying that the Authorization header is forbidden in the preflight request.
Since I’m not controlling which headers are being sent in the preflight request, I have a feeling that this might be a bug.
So I searched the code a bit, and tried to debug this, and I encountered this line of code: https://github.com/jsdom/jsdom/blob/4bc7f53fed9a5387275f52ae07a85e7d4b790391/lib/jsdom/living/xhr-utils.js#L91
It seems that in the validCORSPreflightHeaders function, the original request headers are being validated instead of the preflight headers.
Is this correct? Or am I missing something?
After trying to duplicate the error without axios and nock, I’ve resolved the issue. I have forgotten to add the header 'access-control-allow-headers': 'Authorization' in my response from the server.
Sorry for taking your time, and thanks for your help.
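The header check behind this error, as an added example that is not part of the original thread and is not jsdom's code: a simplified model of the Fetch Standard's preflight rule, in which the response's Access-Control-Allow-Headers must name every non-safelisted header of the actual request, and a `*` entry never covers Authorization. Function names and sample values are hypothetical, and the safelist omits the standard's value-length checks.

```javascript
// Added example: simplified model of the Fetch Standard's CORS-preflight header check.
// Function and variable names are hypothetical, not jsdom's.
const SAFELISTED = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Header names from the actual request that need explicit permission.
function unsafeHeaderNames(requestHeaders) {
  const names = [];
  for (const [name, value] of Object.entries(requestHeaders)) {
    const lower = name.toLowerCase();
    if (SAFELISTED.has(lower)) continue;
    if (lower === "content-type") {
      const mime = String(value).split(";")[0].trim().toLowerCase();
      if (SAFE_CONTENT_TYPES.has(mime)) continue;
    }
    names.push(lower);
  }
  return names.sort();
}

// Returns the request header names that the preflight response does not allow.
function forbiddenByPreflight(requestHeaders, preflightResponseHeaders, withCredentials = false) {
  const raw = Object.entries(preflightResponseHeaders)
    .filter(([key]) => key.toLowerCase() === "access-control-allow-headers")
    .map(([, value]) => value)
    .join(",");
  const allowed = new Set(raw.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean));
  // "*" is a wildcard only for requests made without credentials.
  const wildcard = allowed.has("*") && !withCredentials;
  return unsafeHeaderNames(requestHeaders).filter((name) => {
    if (allowed.has(name)) return false;
    // "authorization" is never covered by "*"; it must be listed by name.
    if (name === "authorization") return true;
    return !wildcard;
  });
}

// Constructed sample mirroring the thread: Authorization is sent, and the mocked
// server first omits, then includes, the allow header.
const sampleRequest = { Authorization: "Bearer example-token", Accept: "application/json" };
console.log(forbiddenByPreflight(sampleRequest, {}));
console.log(forbiddenByPreflight(sampleRequest, { "access-control-allow-headers": "Authorization" }));
```

A non-empty result means the client fails the request before the actual request is sent, which is the condition the mocked server in this thread triggered.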
Can you provide a minimal example to reproduce this issue, per the issue template? Including important information like the versions in use, etc. We can’t really debug based on this description.