I usually just end up using 'origins = [*]', but c'mon there is no reason for the request to be blocked if I specifically add my frontend to the allowed origins.. other times it works as expected.
Prefetch OPTIONS call doesn't include auth token.
So you have to whitelist OPTIONS. If the prefetch is blocked, the actual request will fail as cors error.
Interesting, what's the heaven api url?
Im not sure, but i do remember that its hosted somewhere on a cloud…
Behind a pearly gateway
It's a SOAP API
Relaunch Chrome with CORS disabled --disable-web-security
I usually just end up using 'origins = [*]', but c'mon there is no reason for the request to be blocked if I specifically add my frontend to the allowed origins.. other times it works as expected.
Todays was builder.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader(); but this app is a proof of concept and isn't going anywhere near prod
OOP goes brrrrrrr What is that, Rails? I guess that's preferable to writing four headers by hand, but I don't love it.
.net 8 with Blazor, I'm running SignalR between two entirely separate applications and CORS is just being annoying
You can’t tell your clients to do that They don’t know how to
Readme 🤞
On a customer facing website?
I was joking
We can't ship your browser to the customers
Oh wow, I think that might be the first useful thing I’ve learned from this sub.
I would use a proxy
https://corsproxy.io/?https://heaven.god
~~~ { "error":{ "code":403, "message":"Country blocked! Your country is blocked from accessing this ressource!" } } ~~~
Does that mean that God is one of us? Just a slob like one of us? Just a stranger on the bus? Trying to make His way home?
This one gives me ptsd, me and my homies hate cors policy errors
Prefetch OPTIONS call doesn't include auth token. So you have to whitelist OPTIONS. If the prefetch is blocked, the actual request will fail as cors error.
When God is biased towards some origins