Bug #6146
Access-Control-Allow-Headers content-length needed for cors
0%
Description
I started a project to use grid data from the api, set the Access-Control-Allow-Origin: *, but still ran into a cors issue.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://tvheadend:9981/api/epg/events/grid. (Reason: header ‘content-type’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).
Setting the value seemed to resolve the issue in chrome 99 and firefox 97. I set it in the via:
diff --git a/src/http.c b/src/http.c
index 06d5e7617..1e166c8b0 100644
--- a/src/http.c
+++ b/src/http.c
@@ -370,7 +370,7 @@ http_send_header(http_connection_t *hc, int rc, const char *content,
if (config.cors_origin && config.cors_origin[0]) {
htsbuf_qprintf(&hdrs, "Access-Control-Allow-Origin: %s\r\n%s%s%s", config.cors_origin,
"Access-Control-Allow-Methods: POST, GET, OPTIONS\r\n",
- "Access-Control-Allow-Headers: x-requested-with,authorization\r\n",
+ "Access-Control-Allow-Headers: x-requested-with,authorization,content-type\r\n",
"Access-Control-Allow-Credentials: true\r\n");
}
}
History
Updated by Flole Systems over 2 years ago
- Status changed from New to Invalid
Bug reports for unofficial, modified versions are not accepted. Use latest master (and submit a PR against it) or contact the maintainer of your build for support.
Updated by Stephen West over 2 years ago
Re-verefied on master: 26713c1
PR opened: https://github.com/tvheadend/tvheadend/pull/1455