Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to connect a DigitalOcean domain to Wix by Pointing Question Question
Issue with ubuntu 16.04 after migration Question Question

Question

App Platform: Could there be a "allow_headers" option for CORS?

Posted November 3, 2020 1.9k views
Configuration ManagementCI/CDDigitalOcean App Platform

Hey there.

I am getting the CORS error: “Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.”

This is due to not being able to set “allow_headers” in the App Specification file. (This key does not yet exist.)

Is there any way to do something about this?

Stay healthy!
Nick

Related questions:

Add a comment
nickreynke
By:
nickreynke

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How to connect a DigitalOcean domain to Wix by Pointing Question Question
Issue with ubuntu 16.04 after migration Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
4 answers
jordaofranca April 24, 2021

You can actually do it by download the yaml file and adding it manually.

- cors:
    allow_headers:
    - '*'
    allow_methods:
    - GET
    - OPTIONS
    - POST
    - PUT
    - PATCH
    - DELETE
    allow_origins:
    - prefix: http://localhost:3001
Reply Report
  • roberttolton July 3, 2021

    Unfortunately this doesn’t seem to work, at least not anymore since the time of your post.

    I have added this to my App Spec, and it makes no difference - and is actually removed if you make any other changes to the App Spec via the UI.

    Reply Report
    • jordaofranca July 3, 2021

      Hi robert.It is working in my node express app. And yes, you need to add it again everytime you make any change to the config.

      Reply Report
      • roberttolton July 3, 2021

        Hm, that’s odd - maybe because I’m using PHP?
        Where have you placed the values, could you share your config?

        Either way, the fact that my app can’t set it’s own CORS headers is… bad.

        Reply Report
        • jordaofranca July 3, 2021 
          domains:
- domain: domain.com
  type: PRIMARY
  zone: domain.com
name: name
region: ams
services:
- cors:
    allow_headers:
    - '*'
    allow_methods:
    - GET
    - OPTIONS
    - POST
    - PUT
    - PATCH
    - DELETE
    allow_origins:
    - prefix: http://localhost:3001
    - prefix: https://anotheradress
  environment_slug: node-js
  envs:
  - key: ENV_VAR
    scope: RUN_AND_BUILD_TIME
    value: env_var_value
  github:
    branch: main
    deploy_on_push: true
    repo: githubrepo
  http_port: 3000
  instance_count: 1
  instance_size_slug: basic-xxs
  name: name
  routes:
  - path: /
  run_command: yarn start
          Reply Report
  • eduardott July 27, 2021

    Worked for me!

    Reply Report
  • hisamparker August 29, 2021

    Hey! I’m super new to YAML and web dev tbh. May I ask why cors has a dash (-) in front of it? My YAML has a cors below services and no dash… And I’m having cors issues so I’m wondering if that’s part of the problem.

    Thank you kindly!

    Reply Report
nickreynke November 4, 2020

I just opened an idea on their ideas page: https://ideas.digitalocean.com/ideas/APPX-I-94

If you need these two options, please upvote the idea! Thank you! :)

Reply Report
johnmesh4 January 14, 2021

I’m having the same issue. I want to allow certain headers in my requests. Any idea on how to solve it?

Reply Report
marketing41acc4 February 22, 2021

I am building an embedded app into another website. I would like to set “Access-Control-Allow-Origin” to “” and “Content-Security-Policy” to “frame-ancestors https://.xxx.com”

Is it possible to do so?

Reply Report

Related

Looking for something else?

Ask a new question Search for more help