You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Due to tightly configured Access-Control-Allow-Headers headers, extraneous headers can interfere with CORS validation when hitting external APIs. In particular, I ran into an issue with the x-requested-with header not being permitted while playing with the stablehorde API described here.
Unless there's a way to disable/remove these headers, it's probably better (i.e. most flexible) to require users to set them deliberately.
Expected behavior
Only the explicitly configured headers are submitted, or there's a way to remove automatic headers
To Reproduce
No response
Screenshots
No response
TiddlyWiki Configuration
Version 5.3.1
Saving mechanism: Any
Desktop (please complete the following information):
You access the "horde api" from TW. That's interesting. I do have an internet facing horde server. Do you intend to publish some more info about that project.
Describe the bug
Due to tightly configured Access-Control-Allow-Headers headers, extraneous headers can interfere with CORS validation when hitting external APIs. In particular, I ran into an issue with the x-requested-with header not being permitted while playing with the stablehorde API described here.
Unless there's a way to disable/remove these headers, it's probably better (i.e. most flexible) to require users to set them deliberately.
Expected behavior
Only the explicitly configured headers are submitted, or there's a way to remove automatic headers
To Reproduce
No response
Screenshots
No response
TiddlyWiki Configuration
Desktop (please complete the following information):
Additional context
#8148
The text was updated successfully, but these errors were encountered: