Question

App Platform: Could there be a "allow_headers" option for CORS?

Posted November 3, 2020 1.9k views
Configuration ManagementCI/CDDigitalOcean App Platform

Hey there.

I am getting the CORS error: “Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.”

This is due to not being able to set “allow_headers” in the App Specification file. (This key does not yet exist.)

Is there any way to do something about this?

Stay healthy!
Nick

Related questions:

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
4 answers

You can actually do it by download the yaml file and adding it manually.

- cors:
    allow_headers:
    - '*'
    allow_methods:
    - GET
    - OPTIONS
    - POST
    - PUT
    - PATCH
    - DELETE
    allow_origins:
    - prefix: http://localhost:3001
  • Unfortunately this doesn’t seem to work, at least not anymore since the time of your post.

    I have added this to my App Spec, and it makes no difference - and is actually removed if you make any other changes to the App Spec via the UI.

    • Hi robert.It is working in my node express app. And yes, you need to add it again everytime you make any change to the config.

      • Hm, that’s odd - maybe because I’m using PHP?
        Where have you placed the values, could you share your config?

        Either way, the fact that my app can’t set it’s own CORS headers is… bad.

        • domains:
          - domain: domain.com
            type: PRIMARY
            zone: domain.com
          name: name
          region: ams
          services:
          - cors:
              allow_headers:
              - '*'
              allow_methods:
              - GET
              - OPTIONS
              - POST
              - PUT
              - PATCH
              - DELETE
              allow_origins:
              - prefix: http://localhost:3001
              - prefix: https://anotheradress
            environment_slug: node-js
            envs:
            - key: ENV_VAR
              scope: RUN_AND_BUILD_TIME
              value: env_var_value
            github:
              branch: main
              deploy_on_push: true
              repo: githubrepo
            http_port: 3000
            instance_count: 1
            instance_size_slug: basic-xxs
            name: name
            routes:
            - path: /
            run_command: yarn start
          
  • Hey! I’m super new to YAML and web dev tbh. May I ask why cors has a dash (-) in front of it? My YAML has a cors below services and no dash… And I’m having cors issues so I’m wondering if that’s part of the problem.

    Thank you kindly!

I just opened an idea on their ideas page: https://ideas.digitalocean.com/ideas/APPX-I-94

If you need these two options, please upvote the idea! Thank you! :)

I’m having the same issue. I want to allow certain headers in my requests. Any idea on how to solve it?

I am building an embedded app into another website. I would like to set “Access-Control-Allow-Origin” to “” and “Content-Security-Policy” to “frame-ancestors https://.xxx.com”

Is it possible to do so?