|
Recent UI work which adds the request option 'credentials: "include"' to the FOLIO API is seeping into previous releases (MG and Nolana) of platform-complete Stripes builds which is breaking functionality in the data-export application and possibly elsewhere. Specifically, when a file of UUIDs is uploaded to the data-export app, the request is blocked by the browser for a CORS policy violation error. Chrome, for example, reports:
"Access to XMLHttpRequest at 'https://folio-nolana-okapi.dev.folio.org/data-export/file-definitions/68140824-65ba-43c3-9a50-fa6b18ad5ad1/upload' from origin 'https://folio-nolana.dev.folio.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."
The problem can be duplicated on both the MG and Nolana reference builds: https://folio-morning-glory.dev.indexdata.com and https://folio-nolana.dev.indexdata.com. Interestingly the issue does not manifest itself on current folio-snapshot builds. Therefore, I believe the credentials: "include" option change is not compatible with older UI code.
|