This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

CORS headers missing in 301 redirect origin request

Posted on 12-14-2022 09:48 AM
danielbakas
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi there!!

I'm having issues with my "Website" 301 redirect from Google Domains.

This is the origin `curl`

 

curl --head https://id.danielbakas.com
HTTP/2 301 
location: https://pod.danielbakas.com/profile/card
date: Wed, 14 Dec 2022 17:36:39 GMT
content-type: text/html; charset=UTF-8
server: ghs
content-length: 237
x-xss-protection: 0
x-frame-options: SAMEORIGIN

 

 And this is the destination `curl`

 

curl --head https://pod.danielbakas.com/profile/card
HTTP/1.1 200 OK
Vary: Accept,Authorization,Origin
X-Powered-By: Community Solid Server
Updates-Via: wss://pod.danielbakas.com/
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Accept-Patch,Accept-Post,Accept-Put,Allow,ETag,Last-Modified,Link,Location,Updates-Via,WAC-Allow
Allow: OPTIONS, HEAD, GET, PATCH, PUT, DELETE
Accept-Patch: text/n3, application/sparql-update
Accept-Put: */*
Content-Type: text/turtle
Link: <http://www.w3.org/ns/ldp#Resource>; rel="type"
Link: <https://pod.danielbakas.com/profile/card.meta>; rel="describedby"
Link: <https://pod.danielbakas.com/profile/card.acl>; rel="acl"
Last-Modified: Mon, 12 Dec 2022 20:21:11 GMT
ETag: "1670876471000"
WAC-Allow: user="read",public="read"
Date: Wed, 14 Dec 2022 17:38:07 GMT
Connection: keep-alive
Keep-Alive: timeout=5

 

As you can see, all the `Access-Control` headers are missing from the origin response.

Any idea on how to fix this?

Thank you so much!

0 1 1,094
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dionv
Staff
Reply posted on --/--/---- --:-- AM

Hello danielbaks,

Looking through your concern, I found a similar case and answered by Joachim Isaksson from StackOverflow

"

The reason CORS isn't working is that your link gives a "301 Moved Permanently" without a CORS header, redirecting to another link.

The link it redirects to sends the header, however it seems CORS has already given up the preflight on the first response.

Passing back a "Access-Control-Allow-Origin" header with the 301 may solve your problem, that should allow the preflight to continue."

In addition, you can check this 3rd-party documentation for the steps provided on how to fix the concern.

0 Likes
Top Labels in this Space
Top Solution Authors
View all