nspcc-dev/panel-fs-neo-org
1
0
Fork 0
mirror of https://github.com/nspcc-dev/panel-fs-neo-org.git synced 2026-03-01 04:29:25 +00:00
Code Issues 8 Projects Packages Wiki Activity

CORS does not allow to get the object's headers #121

New issue
Closed
opened 2025-12-28 18:07:10 +00:00 by sami · 7 comments
sami commented 2025-12-28 18:07:10 +00:00
Owner
Copy link

Originally created by @mike-petrov on GitHub (Dec 11, 2024).

Originally assigned to: @532910 on GitHub.

Current Behavior

CORS does not allow to get the object's headers

Object shared link (/getobject):

  • with cors:
    image

  • without cors:
    image

Originally created by @mike-petrov on GitHub (Dec 11, 2024). Originally assigned to: @532910 on GitHub. ## Current Behavior `CORS` does not allow to get the object's headers Object shared link (`/getobject`): - with cors: <img width="600" alt="image" src="https://github.com/user-attachments/assets/42bcc3a8-00bc-40bd-87f4-97d1efbf3453"> - without cors: <img width="600" alt="image" src="https://github.com/user-attachments/assets/519a3b98-9b17-42f1-9630-aacd40b5113d">
sami 2025-12-28 18:07:10 +00:00
  • closed this issue
  • added the
    S4
    bug
    U2
    I4
         labels
sami commented 2025-12-28 18:07:10 +00:00
Author
Owner
Copy link

@mike-petrov commented on GitHub (Dec 11, 2024):

Only standard headers can be read from another domain, in our case we can't get custom object headers because of cors: https://web.dev/articles/introduction-to-fetch#response_types, but we can specify Access-Control-Allow-Origin parameter in backend for domain panel.fs.neo.org, @roman-khimov is this possible?

@mike-petrov commented on GitHub (Dec 11, 2024): Only standard headers can be read from another domain, in our case we can't get custom object headers because of cors: https://web.dev/articles/introduction-to-fetch#response_types, but we can specify `Access-Control-Allow-Origin` parameter in backend for domain panel.fs.neo.org, @roman-khimov is this possible?
sami commented 2025-12-28 18:07:11 +00:00
Author
Owner
Copy link

@roman-khimov commented on GitHub (Dec 11, 2024):

I'm not excited about this idea. This REST gateway is supposed to be app-agnostic, not configured or even used for any specific application.

@roman-khimov commented on GitHub (Dec 11, 2024): I'm not excited about this idea. This REST gateway is supposed to be app-agnostic, not configured or even used for any specific application.
sami commented 2025-12-28 18:07:11 +00:00
Author
Owner
Copy link

@mike-petrov commented on GitHub (Dec 12, 2024):

Yes, I absolutely agree, but I had no other solutions. But today I thought that we can do the same as in send-fs-neo-org, that is through nginx to proxy the call to rest and this way we will get rid of cors and will address within the same domain:

This method works for send-fs-neo-org.

@mike-petrov commented on GitHub (Dec 12, 2024): Yes, I absolutely agree, but I had no other solutions. But today I thought that we can do the same as in [send-fs-neo-org](https://github.com/nspcc-dev/send-fs-neo-org/), that is through nginx to proxy the call to rest and this way we will get rid of cors and will address within the same domain: - https://github.com/nspcc-dev/send-fs-neo-org/blob/master/src/api.ts#L53 - https://github.com/nspcc-dev/send-fs-neo-org/blob/master/README.md#nginx-config-example-on-the-production-server This method works for send-fs-neo-org.
sami commented 2025-12-28 18:07:11 +00:00
Author
Owner
Copy link

@roman-khimov commented on GitHub (Dec 12, 2024):

That was my thought as well, but this breaks the simplicity of panel.fs.neo.org somewhat, it was using REST as is and it's mostly fine this way.

@roman-khimov commented on GitHub (Dec 12, 2024): That was my thought as well, but this breaks the simplicity of `panel.fs.neo.org` somewhat, it was using REST as is and it's mostly fine this way.
sami commented 2025-12-28 18:07:11 +00:00
Author
Owner
Copy link

@roman-khimov commented on GitHub (Jan 3, 2025):

Can Access-Control-Expose-Headers help us?

@roman-khimov commented on GitHub (Jan 3, 2025): Can `Access-Control-Expose-Headers` help us?
sami commented 2025-12-28 18:07:11 +00:00
Author
Owner
Copy link

@mike-petrov commented on GitHub (Jan 13, 2025):

Looks like something that should solve our problem, I've never seen it, maybe @532910 knows?

@mike-petrov commented on GitHub (Jan 13, 2025): [Looks](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) like something that should solve our problem, I've never seen it, maybe @532910 knows?
sami commented 2025-12-28 18:07:11 +00:00
Author
Owner
Copy link

@mike-petrov commented on GitHub (Jul 23, 2025):

added Access-Control-Expose-Headers by @532910

@mike-petrov commented on GitHub (Jul 23, 2025): added `Access-Control-Expose-Headers` by @532910
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
174-allow-sharing-files-to-accounts
feature/189-allow_to_manage_verifiable_domains
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.0
v0.3.1
v0.3.0
v0.2.1
v0.2.0
v0.1.0
Labels
Clear labels   
I1

   
I2

   
I3

   
I4

   
S0

   
S2

   
S2

   
S3

   
S4

   
U0

   
U1

   
U2

   
U3

   
U4

   
blocked

   
bug

   
enhancement

   
epic

   
feature

   
security

   
task
No labels
I1
I2
I3
I4
S0
S2
S2
S3
S4
U0
U1
U2
U3
U4
blocked
bug
enhancement
epic
feature
security
task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
nspcc-dev/panel-fs-neo-org#121
No description provided.