Comments (5)
timostamm
commented on June 6, 2024
You cannot include credentials with Access-Control-Allow-Origin: *. You have to allow specific origins instead.
This is unrelated to protobuf-ts - it's how browsers handle cross-origin requests. You will not be able to work around this with simple requests or no-cors mode.
from protobuf-ts.
hengyunabc
commented on June 6, 2024
@timostamm Thank you for your reply.
Sorry, I made a mistake above. Setting Access-Control-Allow-Headers to * is not allowed.
Currently I set Access-Control-Allow-Origin to aaa.test.com.
I tested that if use the fetch api, you can specify headers and there will be no extra headers. At the same time, set Access-Control-Request-Headers: client-id on the server side, so that the server can handle the request correctly.
fetch("https://aaa.test.com/servic/method", {
"headers": {
"accept": "application/grpc-web-text",
"client-id": "xxxx",
}
"
Is there any way to control headers when using protobuf-ts?
from protobuf-ts.
timostamm
commented on June 6, 2024
At the same time, set Access-Control-Request-Headers: client-id on the server side, so that the server can handle the request correctly.
That's incorrect. Access-Control-Request-Headers is a header sent by the browser automatically for preflight requests.
You'll have to spend some time to read up on the documentation for CORS, run some examples yourself, and set up CORS correctly on your server. I highly recommend to use a CORS middleware if available.
The gRPC-web transport just uses fetch. It adds a couple of protocol-specific headers that you should not remove, otherwise your gRPC-web requests are broken. You can add your own headers via RPC options, see the manual.
from protobuf-ts.
jcready
commented on June 6, 2024
@hengyunabc the grpc-web transport must set the Content-Type request header to application/grpc-web-text or application/grpc-web+proto. This is probably the bare minimum headers your server will need to respond with to work with CORS grpc-web requests:
Access-Control-Allow-Methods: OPTIONS, POST
Access-Control-Allow-Headers: accept, content-type, grpc-timeout, x-grpc-web
Access-Control-Expose-Headers: grpc-message, grpc-status
from protobuf-ts.
hengyunabc
commented on June 6, 2024
Thanks for replies, I made a stupid mistake.
Access-Control-Request-Headers are sent by the browser to the server.
Access-Control-Allow-Headers is sent by the server to the browser.
The browser will send the following request header to the server:
Access-Control-Request-Headers: bx-v,cache-control,client-id,content-type,pragma,x-grpc-web
So server needs to return:
Access-Control-Allow-Headers: bx-v,cache-control,client-id,content-type,pragma,x-grpc-web
If Access-Control-Allow-Headers: * is returned, or Access-Control-Allow-Headers: client-id is returned, it will fail.
from protobuf-ts.
Related Issues (20)
- Enhancement: Generate specialized `mergePartial()` method when `optimize_for = SPEED`
- Decoding protobuf response HOT 8
- RpcError: unexpected response content type: application/grpc HOT 5
- How does grpc-web use Secure Transport
- Whether vue3 ssr is supported? HOT 2
- Why is a descriptor.ts generated? HOT 5
- Serializing stream to binary. HOT 2
- TypeScript linting/compiler issues with generated client HOT 2
- Add RpcOptions to Client-Stub constructor? HOT 6
- unused parameters in the empty.ts are causing TypeScript check errors HOT 6
- Global `Object` is not referenced when there is a message named Object. HOT 2
- Proto2 required fields are not serialized when they are the default value HOT 3
- Is this compiling error could be turned off by Typescript or Option in protobuf-ts HOT 2
- 2.9.2 not working with 'exactOptionalPropertyTypes: true' HOT 1
- Release 2.9.3 breaks serialization for me HOT 6
- Generated message classes cannot be subclassed because of missing 'export' HOT 1
- Error decoding from binary: "cant skip wire type 4" HOT 1
- How to debug INVALID_ARGUMENT? HOT 1
- Missing headers on RPCError HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from protobuf-ts.