Project

General

Profile

Actions
Copy link

Bug #6146

closed

Access-Control-Allow-Headers content-length needed for cors

Added by Stephen West about 3 years ago. Updated almost 3 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
API
Target version:
-
Start date:
2022-03-06
Due date:
% Done:

0%

Estimated time:
Found in version:
4.3.0~pre+202110210014-0~built202110210403~gitc6bb43d85~ubuntu18.04.1
Affected Versions:

Description

I started a project to use grid data from the api, set the Access-Control-Allow-Origin: *, but still ran into a cors issue.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://tvheadend:9981/api/epg/events/grid. (Reason: header ‘content-type’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).

Setting the value seemed to resolve the issue in chrome 99 and firefox 97. I set it in the via:


diff --git a/src/http.c b/src/http.c
index 06d5e7617..1e166c8b0 100644
--- a/src/http.c
+++ b/src/http.c
@@ -370,7 +370,7 @@ http_send_header(http_connection_t *hc, int rc, const char *content,
     if (config.cors_origin && config.cors_origin[0]) {
       htsbuf_qprintf(&hdrs, "Access-Control-Allow-Origin: %s\r\n%s%s%s", config.cors_origin,
                             "Access-Control-Allow-Methods: POST, GET, OPTIONS\r\n",
-                            "Access-Control-Allow-Headers: x-requested-with,authorization\r\n",
+                            "Access-Control-Allow-Headers: x-requested-with,authorization,content-type\r\n",
                             "Access-Control-Allow-Credentials: true\r\n");
     }
   }

Actions
Copy link

Also available in: Atom PDF