MALIO-DEV/SIRH
4
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 67 Wiki Activity

fix(audit) : autorise l'en-tête X-Device-Id en CORS (débloque le front)

Browse Source 
Le front envoie X-Device-Id sur toutes les requêtes (cross-origin :3001 -> :8081).
Sans l'ajouter à allow_headers, le préflight CORS échoue et le navigateur bloque
toutes les requêtes API. Vérifié : préflight OPTIONS passe de 400 à 200.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Autin
2026-06-24 10:49:04 +02:00
parent 8c1cd6704e
commit 95bf8c4c0a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/packages/nelmio_cors.yaml
+1 -1
View File
@@ -3,7 +3,7 @@ nelmio_cors:
origin_regex: true
allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
allow_headers: ['Content-Type', 'Authorization']
allow_headers: ['Content-Type', 'Authorization', 'X-Device-Id']
allow_credentials: true
expose_headers: ['Link', 'Content-Disposition']
max_age: 3600