You cannot override this (for example) with:Ī().headers = 'Content-Type, Authorization'. It appears that enable_cors=True hard codesĪccess-Control-Allow-Headers = Content-Type only! It looks like access-control-allow-headers might even be hard coded in Anvil for Options calls!! I have tried changing the access-control-allow-headers but curl always shows only content-type allowed. # check User:Password from Authorization header against Anvil Users FileĮrrors: shown in Chrome tools Access to fetch at '' from origin '' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.Ĭurl Options Output: C:\Users\user>curl -X OPTIONS -iĪccess-control-allow-methods: POST, PUT, DELETE, GET, OPTIONSĪccess-control-allow-headers: content-type R.headers = 'Origin, X-Requested-With, Content-Type, Accept, Authorization' R.headers = 'POST, PUT, DELETE, GET, OPTIONS' I have narrowed it down to Access-Control-Allow-Headers being the culprit but I can’t get anything other then Content-Type header allowed.Ĭode Sample: "OPTIONS"],enable_cors=True) I have read everything in the Anvil.Works forum and tried to adapt the answers to my endpoint. I originally had authenticate_users=True but I guessed that was stopping the Options call. I keep getting Cors Errors even though Enable_Cors=True is set. My calling app is doing a preflight Options call (although Curl does not appear to use a preflight Options call so does not cause the error) I am using a Get with http Basic Authentication Authorization header. Provide an endpoint to authenticate Users against the Anvil Users file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |