App Platform: Could there be a "allow_headers" option for CORS?

Hey there.

I am getting the CORS error: “Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.”

This is due to not being able to set “allow_headers” in the App Specification file. (This key does not yet exist.)

Is there any way to do something about this?

Stay healthy! Nick

Related questions:


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

You can actually do it by download the yaml file and adding it manually.

- cors:
    - '*'
    - GET
    - POST
    - PUT
    - PATCH
    - DELETE
    - prefix: http://localhost:3001

I am building an embedded app into another website. I would like to set “Access-Control-Allow-Origin” to “" and “Content-Security-Policy” to "frame-ancestors”

Is it possible to do so?

I’m having the same issue. I want to allow certain headers in my requests. Any idea on how to solve it?

I just opened an idea on their ideas page:

If you need these two options, please upvote the idea! Thank you! :)