Corvid stripping cors headers?

nickvhockey13 · November 12, 2019, 1:25am

Everything was working great for a while, but all of the sudden all of the CORS requests are failing for functions I’ve setup in http-functions.js. I have various cors headers like:

Access-Control-Allow-Origin:
“https://myothersite.com”
Access-Control-Allow-Methods:
“GET,POST,OPTIONS”
Access-Control-Allow-Credentials:
“true”
Access-Control-Max-Age:
“86400”

Now those headers are missing from the response. I didn’t see anything in changelog related to cors headers no longer being allowed. Updates & Releases | Velo | Wix.com

Is this an intentional change by Corvid? Is there another way to do cors headers in Corvid http functions?

nickvhockey13 · November 12, 2019, 2:05am

I’ve tried a few things to get around this like using response instead of ok and taking out some of the CORS headers to see if some will get through. No luck. I do see that non-cors headers do get through like {‘extra-header’: ‘foo’}, but none of the ones needed for CORS are allowed and are stripped out of the response from the wix site.

nickvhockey13 · November 13, 2019, 3:48pm

Update: Wix has fixed the bug and CORS headers are allowed again!

Topic		Replies	Views
Removing CORS headers, AGAIN? Ask the community code , question	4	322	November 19, 2019
FYI: CORS headers are being blocked again Ask the community code , question	6	290	December 6, 2019
Bug: Access-Control-Allow-Origin not being sent Ask the community code , question	9	1317	November 13, 2019
Corvid blocking CORS policy again? Ask the community code , question	1	128	February 27, 2020
How to proprely setup CORS OPTIONS headers response? Ask the community code , question	0	371	February 29, 2020

Corvid stripping cors headers?

Related topics