-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing CORS headers for DELETE in API v2 #3165
Comments
Unlike the v1 API, v2 instead uses rs/cors to manage CORS headers. V1 blindly sends all CORS headers all the time, where v2 only sends the minimum required set of headers. When I set an
It appears that the browser must send the I believe your client-side application needs to send that header, and it seems that the server's behavior is correct. It only happened to work in v1 by chance, because v1 blindly sent all CORS headers on all responses. |
What is the status of this? As strongly hinted at by ribetm and hloeung in issue #3175, a naive fix is to replace https://github.com/prometheus/alertmanager/blob/main/api/v2/api.go#L132 handleCORS := cors.Default().Handler by handleCORS := cors.New(cors.Options{
AllowedMethods: []string{http.MethodGet, http.MethodPost, http.MethodHead, http.MethodDelete},
}).Handler since As for whether there is a (different?) problem client-side that has to do with an But it might be possible to pull some kind of trick, since the following somehow works even with
where |
Signed-off-by: Bram <bram@ii/nl>
Signed-off-by: Bram Otten <hcotten@pm.me>
What did you do?
What did you expect to see?
What did you see instead? Under which circumstances?
OPTIONS
and the actualDELETE
DELETE
request, since the preflight request failedIt seems like the CORS policy of API v1 allowed
GET, POST, DELETE, OPTIONS
, while API v2 usesrs/cors
default configuration, which only allowsGET, POST, HEAD
.Workaround
Add missing headers in Nginx
Environment
System information:
Linux 5.4.0-48-generic x86_6
Alertmanager version:
The text was updated successfully, but these errors were encountered: