CORS failure with custom host (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’)

Open on Drupal.org →

Created on 10 July 2022, over 2 years ago

Updated 10 December 2024, 2 months ago

Problem/Motivation

Upon attempting to upload files to an s3 bucket with a custom host, I receive this error:

expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’

Steps to reproduce

install s3fs and s3fs_cors modules
configure to connect to custom linode or digital ocean hosted s3 bucket
validate configuration through the ui (successfully)
attempt to upload a media entity
receive the above mentioned message in the browser console as the reason for CORS failure

Proposed resolution

Remove withCredentials: true from the ajax request

Doing so for DigitalOcean and Linode S3 endpoints fixes the issue, as neither of these providers return Access-Control-Allow-Credentials in OPTIONS response headers.

Remaining tasks

Review patch to make sure it does not have any unanticipated consequences

🐛 Bug report

Status

Active

Version

1.0

Component

Code

Created by

🇺🇸United States MegaKeegMan

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment 2 months ago →
🇺🇸United States MegaKeegMan
New patch for 8.x-1.1
Comment 2 months ago →
🇺🇸United States MegaKeegMan
If I add a configuration option to do this, what are the chances of a merge?
Comment 2 months ago →
🇺🇸United States MegaKeegMan
Comment 2 months ago →
heddn Nicaragua
Adding a config toggle, especially in combination with ✨ CORS configuration update should be distinct from configuration save Needs review is a very reasonable idea.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024