FYI: CORS headers are being blocked again

nickvhockey13 · December 5, 2019, 5:46pm

Just a heads up, that yet again CORS headers are being removed from responses out of the http-functions. Non-CORS headers are being allowed through.

I have contacted support and hopefully this issue is resolved quickly… again.

https://www.wix.com/corvid/forum/community-discussion/bug-access-control-allow-origin-not-being-sent
https://www.wix.com/corvid/forum/community-discussion/corvid-stripping-cors-headers
https://www.wix.com/corvid/forum/community-discussion/removing-cors-headers-again

nickvhockey13 · December 5, 2019, 9:39pm

Update: No response from support yet and CORS headers are still missing.

However, this seems to only affect custom domains. If you make the call to your username.wixsite.com/sitename then it will work. So as a workaround, I’ve flipped all API calls to use the non-custom domain version of my site and that works.

giri-zano · December 5, 2019, 9:42pm

Been following this struggle of yours. Maddening. And worrying.

nickvhockey13 · December 5, 2019, 9:45pm

Definitely worrying, especially because it keeps happening. Although, support did confirm last time that this isn’t intentional. Initially I was worried they weren’t going to allow CORS headers at all. Fingers crossed using the non-custom domain keeps my sites up a little longer this time!

lee1 · December 6, 2019, 12:07am

This makes me glad I was lazy and never bothered returning all my HTTP calls back to their custom domains.

You’d have hoped they have automated tests in place to prevent or at least quickly detect this.

nickvhockey13 · December 6, 2019, 12:32am

Out of frustration, I may have suggested that an automated test might be useful in my report email. Especially after the second time it happened. But I also understand how that stuff can slip through the cracks amidst other priorities. I imagine the number of customers returning CORS headers from http-functions is relatively low.

nickvhockey13 · December 6, 2019, 6:07pm

No update yet on a fix, and it appears to still be broken, so if you need CORS headers, please use the username version of your domain instead of any custom domains you may have setup.

[https://username.wixsite.com/sitename](setup.

http://username.wixsite.com/sitename) (will pass through CORS headers)
[https://](setup.

http://username.wixsite.com/sitename) mycustomdomain.com (will block CORS headers)

Topic		Replies	Views
Removing CORS headers, AGAIN? Ask the community code , question	4	317	November 19, 2019
Corvid blocking CORS policy again? Ask the community code , question	1	122	February 27, 2020
blocked by CORS error Ask the community code , question	6	1272	February 20, 2020
Corvid stripping cors headers? Ask the community code , question	2	380	November 13, 2019
Bug: Access-Control-Allow-Origin not being sent Ask the community code , question	9	1308	November 13, 2019

FYI: CORS headers are being blocked again

Related topics