CORS Missing Allow Origin #67

New issue

Closed

opened 2025-12-28 18:00:02 +00:00 by sami · 1 comment

sami commented

2025-12-28 18:00:02 +00:00

Owner

Originally created by @roman-khimov on GitHub (Mar 19, 2024).

Originally assigned to: @tatiana-nspcc on GitHub.

Current Behavior

OPTIONS made with

scheme
	https
host
	rest.fs.neo.org
filename
	/v1/auth/bearer
walletConnect
	true

Leads to GET https://rest.fs.neo.org/v1/auth/bearer?walletConnect=true being blocked by browser because of "CORS Missing Allow Origin".

Response to options:

HTTP/2 200 OK
server: nginx
date: Tue, 19 Mar 2024 13:17:23 GMT
content-type: application/json; charset=UTF-8
content-length: 17
access-control-allow-headers: X-Bearer-For-All-Users, X-Bearer-Lifetime, X-Bearer-Owner-Id, X-Bearer-Signature, X-Bearer-Signature-Key, Content-Type, Authorization
access-control-allow-methods: GET
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubDomains
content-security-policy: frame-ancestors 'none';
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
X-Firefox-Spdy: h2

Expected Behavior

Panel working fine.

Steps to Reproduce

Can be reproduced with panel.fs.neo.org if you're to sign an object operations token.

Context

panel.fs.neo.org is broken because of this.

Regression

Yes, 0.7.2 handled this fine.

Your Environment

Version of the product used: 0.8.0

Originally created by @roman-khimov on GitHub (Mar 19, 2024). Originally assigned to: @tatiana-nspcc on GitHub. ## Current Behavior OPTIONS made with ``` scheme https host rest.fs.neo.org filename /v1/auth/bearer walletConnect true ``` Leads to `GET https://rest.fs.neo.org/v1/auth/bearer?walletConnect=true` being blocked by browser because of "CORS Missing Allow Origin". Response to options: ``` HTTP/2 200 OK server: nginx date: Tue, 19 Mar 2024 13:17:23 GMT content-type: application/json; charset=UTF-8 content-length: 17 access-control-allow-headers: X-Bearer-For-All-Users, X-Bearer-Lifetime, X-Bearer-Owner-Id, X-Bearer-Signature, X-Bearer-Signature-Key, Content-Type, Authorization access-control-allow-methods: GET access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubDomains content-security-policy: frame-ancestors 'none'; x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block referrer-policy: same-origin X-Firefox-Spdy: h2 ``` ## Expected Behavior Panel working fine. ## Steps to Reproduce Can be reproduced with panel.fs.neo.org if you're to sign an object operations token. ## Context panel.fs.neo.org is broken because of this. ## Regression Yes, 0.7.2 handled this fine. ## Your Environment * Version of the product used: 0.8.0