From 2a5966fc9e7ea66a4757c518f405ee897e54ed01 Mon Sep 17 00:00:00 2001 From: Timo Stamm Date: Wed, 30 Oct 2024 10:14:52 +0100 Subject: [PATCH] es/v2: Move "Common errors" to the FAQ Signed-off-by: Timo Stamm --- docs/faq.md | 12 ++++++++++++ docs/web/common-errors.md | 31 ------------------------------- 2 files changed, 12 insertions(+), 31 deletions(-) delete mode 100644 docs/web/common-errors.md diff --git a/docs/faq.md b/docs/faq.md index fa4e6b96..796a140a 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -381,6 +381,18 @@ response headers. You can set cookies with the `Set-Cookie` response header—fo ctx.responseHeader.append("Set-Cookie", "foo=bar; Max=Age=120") ``` +### Access to fetch from origin has been blocked by CORS policy + +When a web page requests a resource from another origin, the restrictions for Cross-Origin Resource Sharing apply. +The server has to allow the client to send and receive protocol-specific headers. We show how to set up a server in the [CORS documentation](./cors.md). + +One specific gotcha to be aware of involves a new header `Connect-Protocol-Version`. With the [v0.6.0 release](https://github.com/connectrpc/connect-es/releases/tag/v0.6.0) +of `@connectrpc/connect-web`, this header was added to all requests sent via the library. As a result, Connect clients +that were working prior may start experiencing CORS errors upon upgrading to `v0.6.0`. Note that this also only affects +Connect traffic. gRPC-Web traffic is unaffected. + +For more information on the `Connect-Protocol-Version` header, see [this PR](https://github.com/connectrpc/connect-go/pull/416). + ## Deployment ### How do I handle Authorization Bearer headers through middleware/interceptors? diff --git a/docs/web/common-errors.md b/docs/web/common-errors.md deleted file mode 100644 index 7bd8b6c5..00000000 --- a/docs/web/common-errors.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Common errors -sidebar_position: 10 ---- - -This page explains how to fix common errors when using Connect from a web browser - -## Access to fetch from origin has been blocked by CORS policy - -The basics of CORS apply with Connect from a browser and any resource it is attempting to access. For detailed -information, please view the [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) documentation. - -However, one specific gotcha to be aware of involves a new header `Connect-Protocol-Version`. With the -[v0.6.0 release](https://github.com/connectrpc/connect-es/releases/tag/v0.6.0) of `@connectrpc/connect-web`, this header was added to all requests sent via the -library. As a result, Connect clients that were working prior may start experiencing CORS errors upon upgrading to -`v0.6.0`. Note that this also only affects Connect traffic. gRPC-Web traffic is unaffected. - -The fix is to update your server configuration to add this header to the allowlist. For example, if your backend is -using the [Go CORS handler](https://github.com/rs/cors) library: - -```diff -handler := cors.New(cors.Options{ - // ... -- AllowedHeaders: []string{"X-Custom-Header"}, -+ AllowedHeaders: []string{"X-Custom-Header", "Connect-Protocol-Version"}, -} -``` - -For examples of working with a CORS setup in Connect for Node.js, see the [CORS](../node/server-plugins.md#cors) documentation. - -For more information on the `Connect-Protocol-Version` header, see [this PR](https://github.com/connectrpc/connect-go/pull/416).