Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access-Control-Allow-Origin header is not set on static files in dev mode #7664

Closed
rassie opened this issue Nov 15, 2022 · 2 comments · Fixed by #7688
Closed

Access-Control-Allow-Origin header is not set on static files in dev mode #7664

rassie opened this issue Nov 15, 2022 · 2 comments · Fixed by #7688

Comments

@rassie
Copy link

rassie commented Nov 15, 2022

Describe the bug

In dev mode, the server is supposed to set Access-Control-Allow-Origin: * on every request. This is the case for some older versions of SvelteKit, like 1.0.0-next.193. However, in new versions, this header is omitted on static assets.

Reproduction

$ npm create svelte@latest my-app 

create-svelte version 2.0.0-next.190

Welcome to SvelteKit!

This is release candidate software; expect bugs and missing features.

Problems? Open an issue on https://github.com/sveltejs/kit/issues if none exists already.

✔ Which Svelte app template? › SvelteKit demo app
✔ Add type checking with TypeScript? › Yes, using TypeScript syntax
✔ Add ESLint for code linting? … No / Yes
✔ Add Prettier for code formatting? … No / Yes
✔ Add Playwright for browser testing? … No / Yes
[... snip ...]

$ cd my-app
$ npm install && npm run dev

  VITE v3.2.3  ready in 737 ms

  ➜  Local:   http://localhost:5176/
  ➜  Network: use --host to expose

Then, in other window:

$ curl -I http://localhost:5176
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
content-type: text/html
etag: "ww3y0i"
x-sveltekit-page: true
Date: Tue, 15 Nov 2022 13:50:53 GMT
Connection: keep-alive
Keep-Alive: timeout=5

$ curl -I http://localhost:5176/favicon.png
HTTP/1.1 200 OK
Content-Length: 1571
Content-Type: image/png
Last-Modified: Tue, 15 Nov 2022 13:49:27 GMT
ETag: W/"1571-1668520167945"
Cache-Control: no-cache
Date: Tue, 15 Nov 2022 13:51:26 GMT
Connection: keep-alive
Keep-Alive: timeout=5

Logs

No response

System Info

System:
    OS: Linux 5.15 Ubuntu 20.04.5 LTS (Focal Fossa)
    CPU: (16) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
    Memory: 11.29 GB / 62.49 GB
    Container: Yes
    Shell: 5.0.17 - /bin/bash
  Binaries:
    Node: 16.17.1 - /usr/bin/node
    Yarn: 1.22.19 - /usr/bin/yarn
    npm: 8.15.0 - /usr/bin/npm
  Browsers:
    Chrome: 106.0.5249.119
    Firefox: 105.0
  npmPackages:
    @sveltejs/adapter-auto: next => 1.0.0-next.87 
    @sveltejs/kit: next => 1.0.0-next.546 
    svelte: ^3.46.0 => 3.53.1 
    vite: ^3.1.0 => 3.2.3

Severity

blocking an upgrade

Additional Information

No response
@benmccann
Copy link
Member

#7543 will rip out our static file serving and replace it with Vite's

@rassie
Copy link
Author

rassie commented Nov 15, 2022

Is there a workaround until that is merged?

Rich-Harris added a commit that referenced this issue Nov 16, 2022
@Rich-Harris
add ACAO: * to static assets in dev - closes #7664
1ee66c1
@Rich-Harris Rich-Harris mentioned this issue Nov 16, 2022
Merged
5 tasks
Rich-Harris added a commit that referenced this issue Nov 16, 2022
@Rich-Harris
add ACAO: * to static assets in dev - closes #7664 (#7688)
1663542
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add ACAO: * to static assets in dev sveltejs/kit
2 participants
@rassie @benmccann