Skip to content

From v7.6.0: Client request via REST API - CORS Missing Allow Origin responds #36054

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
web-uni-jena opened this issue May 22, 2025 · 1 comment · Fixed by #36085 or #36139
Closed

From v7.6.0: Client request via REST API - CORS Missing Allow Origin responds #36054

web-uni-jena opened this issue May 22, 2025 · 1 comment · Fixed by #36085 or #36139
Assignees
@ggazzo

Comments

@web-uni-jena
Copy link

Description:

When I try to retrieve the configuration for the live chat via the REST API, I get an incomplete header for the CORS headers in response. This leads to a CORS error in the browser on the client side if you request the endpoint via JS, for example.

The response header Access-Control-Allow-Origin: * is missing although the settings Enable CORS and CORS Origin=* are enabled in the configuration /admin/settings/General -> REST API

Steps to reproduce:

  1. Enable CORS and CORS Origin=* are enabled in the configuration /admin/settings/General
  2. Make a request via cURL to the configuration https://developer.rocket.chat/apidocs/get-livechat-configurations

Expected behavior:

Required response header for CORS

Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token, x-visitor-token, Authorization
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, HEAD, PATCH

Actual behavior:

one response header for CORS is missing

Access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token, x-visitor-token, Authorization
Access-control-allow-methods: GET, POST, PUT, DELETE, HEAD, PATCH

Server Setup Information:

  • Version of Rocket.Chat Server: Version v7.6.0
  • License Type:
  • Number of Users:
  • Operating System:
  • Deployment Method: docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version: v22.13.1
  • MongoDB Version: 8.0.6

Client Setup Information

  • Desktop App or Browser Version: via CURL or JS appl.
  • Operating System: Linux/Win

Additional context

Relevant logs:
@MelkorCC
Copy link

MelkorCC commented May 22, 2025
edited
Loading

I can confirm that the problem also exists for me, my guess is this regression was introduced somewhere in #35078

@ggazzo ggazzo self-assigned this May 26, 2025
@sampaiodiego sampaiodiego mentioned this issue May 26, 2025
Merged
@sampaiodiego sampaiodiego mentioned this issue Jun 3, 2025
Merged
@sampaiodiego sampaiodiego linked a pull request Jun 3, 2025 that will close this issue
fix: CORS headers incorrectly set for GET #36139
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ggazzo ggazzo

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@ggazzo @sampaiodiego @MelkorCC @web-uni-jena