Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CORS doesn't work with `DependsOnMethod`

See original GitHub issue

I was trying express-zod-api and found errors with CORS.

imagen

For request with methods different of GET and POST, it looks like the CORS middleware doesn’t exits, similar to #514

Reproduction repository https://github.com/leosuncin/express-zod-api-cors-error

Issue Analytics

State:
Created 10 months ago
Comments:10 (7 by maintainers)

Top GitHub Comments

2reactions

leosuncincommented, Nov 26, 2022

The OPTIONS request

curl 'http://localhost:3010/hello' -X OPTIONS -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:107.0) Gecko/20100101 Firefox/107.0' -H 'Accept: */*' -H 'Accept-Language: es-MX,es;q=0.8,en-US;q=0.5,en;q=0.3' -H 'Accept-Encoding: gzip, deflate, br' -H 'Access-Control-Request-Method: PUT' -H 'Referer: http://localhost:3020/' -H 'Origin: http://localhost:3020' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-site' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache'

The PUT request

curl 'http://localhost:3010/hello' -X PUT -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:107.0) Gecko/20100101 Firefox/107.0' -H 'Accept: */*' -H 'Accept-Language: es-MX,es;q=0.8,en-US;q=0.5,en;q=0.3' -H 'Accept-Encoding: gzip, deflate, br' -H 'Referer: http://localhost:3020/' -H 'Origin: http://localhost:3020' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: same-site'

Both works in the terminal, but not in the browser

Download CORS_error.zip, unzip it and upload the HAR file to https://toolbox.googleapps.com/apps/har_analyzer/

0reactions

RobinTailcommented, Nov 27, 2022

The issue with allowed methods is fixed in recently released v8.4.1 🚀 Thank you again for finding this, @leosuncin I’m also going to fix it in v7.

It should work in your repo now, but without authorization. In order to allow Authorization header, consider changing cors config option into a function. See the example above.