http component with enabled CORS doesn't handle all http methods due to bug in aiohttp.cors lib #40513
Comments
Same error for URL homeassistant.local/auth/providers, it doesn't respect
@robbiet480 could you comment on this?
Sorry, I implemented CORS years ago and it's been rewritten multiple times since. Won't be much help here.
Found the following lines in the http.py file:
more http.py code
So it is intentionally skipping CORS headers? Why?
Confirmed, if remove this line
Last problem is, INGRESS uses SESSION COOKIE, no Authorization Header, so we need to provide the cookie to a different domain
1) CORS passing credentials done! (Session Cookie for Addons)
2) BUG still persists while making POST to /api/hassio/ingress/session
p.s. strange thing is the OPTIONS header works fine with CORS headers included, but when making the POST request it is skipping CORS headers
3) /api/hassio_ingress and /api/hassio/{path} ingress/session
Finally solved CORS issue
Due to a bug in the aiohttp-cors lib, as the workaround offered in the discussion thread, the following changes are made:
Full code here
Discussion of that topic here: home-assistant#40513. Due to a bug in aiohttp-cors (issue 155), we need to use router.routes rather than router.resources, so all http methods will be with CORS
Power of open source community! @balloob we can close the issue, if this workaround will be made
There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.
The problem
Noticed strange behaviour: when making an XHR POST request from a different domain (ex: helloworld.com) to homeassistant.local/api/hassio/ingress/session, the browser throws an error
Before that request, the browser sends a preflight OPTIONS request, which has the following CORS headers in the response:
After that, the browser makes the real POST request to http://homeassistant.local/api/hassio/ingress/session,
but no CORS headers are present in the response :( WHY?
All other requests to api/auth with CORS setting specified work as expected!
Environment
Problem-relevant
configuration.yaml
Traceback/Error logs
Additional information
Options preflight request
POST request
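The browser-side check behind the error described in this issue, as an added example that is not part of the original issue or of Home Assistant's code: it evaluates the preflight response and the actual response separately, showing that a passing preflight does not make the real response readable. The header values and the `http://` origin scheme are constructed for illustration.

```python
# Added example: header values are constructed, not copied from the issue.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}  # never need an Allow-Methods entry

def cors_check(origin, headers, with_credentials=False):
    """Browser's check on any CORS response: may page script read it?"""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    allow_origin = h.get("access-control-allow-origin")
    if allow_origin is None:
        return False, "missing Access-Control-Allow-Origin"
    if with_credentials:
        # Cookie-bearing requests forbid the wildcard and need explicit opt-in.
        if allow_origin == "*":
            return False, "wildcard origin with credentials"
        if h.get("access-control-allow-credentials") != "true":
            return False, "missing Access-Control-Allow-Credentials: true"
    if allow_origin not in ("*", origin):
        return False, "origin mismatch"
    return True, "ok"

def preflight_check(origin, method, headers, with_credentials=False):
    """Extra rule for the OPTIONS response: the method must be allowed."""
    ok, reason = cors_check(origin, headers, with_credentials)
    if not ok:
        return ok, reason
    h = {k.lower(): v for k, v in headers.items()}
    allowed = {m.strip().upper() for m in h.get("access-control-allow-methods", "").split(",")}
    wildcard = "*" in allowed and not with_credentials
    if method.upper() not in SAFELISTED_METHODS | allowed and not wildcard:
        return False, "method not in Access-Control-Allow-Methods"
    return True, "ok"

def audit_exchange(origin, method, preflight, actual, with_credentials=False):
    """Check both halves; a passing preflight says nothing about the real response."""
    return {
        "preflight": preflight_check(origin, method, preflight, with_credentials),
        "actual": cors_check(origin, actual, with_credentials),
    }

ORIGIN = "http://helloworld.com"  # constructed origin for the calling page
PREFLIGHT = {  # constructed: OPTIONS response carrying CORS headers
    "Access-Control-Allow-Origin": ORIGIN,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "POST",
}
ACTUAL = {"Content-Type": "application/json"}  # constructed: POST response without them

if __name__ == "__main__":
    for stage, (ok, reason) in audit_exchange(ORIGIN, "POST", PREFLIGHT, ACTUAL, True).items():
        print(f"{stage}: {'pass' if ok else 'BLOCKED'} ({reason})")
```

Feeding it the header sets captured from a real OPTIONS and POST pair shows which half of the exchange the browser rejects, which is the first thing to establish when CORS is registered per route or per resource.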