Set "Access-Control-Allow-Origin" header in webhook

Serena · March 17, 2020, 10:33pm

I’m trying to set a custom value for the “Access-Control-Allow-Origin” header returned by a webhook. Here’s my webhook code:

type WebhookResult = {
  statusCode: number,
  headers: object,
  body: string,
};

export default async (event: any, ctx: any) : Promise<WebhookResult> => {

  return {
    statusCode: 200,
    headers: {
      "Access-Control-Allow-Origin": "https://example.com",
    },
    body: JSON.stringify({
      "response": {
        "message": "Success"
      }
    })
  };
};

However, when I receive the actual response after querying the webhook endpoint, the “Access-Control-Allow-Origin” is set to “*”. I need to set a specific value, rather a wildcard, so this won’t do.

Why is my custom value for the “Access-Control-Allow-Origin” getting overwritten? How can I prevent this from happening?

sebastian.scholl · March 17, 2020, 11:18pm

@evgeny.semushin do we currently have a way to accomplish this???

Serena · March 17, 2020, 11:45pm

The other custom headers that I’m setting are being passed perfectly fine…I hope it will work for “Access-Control-Allow-Origin” too! It’s not a spec requirement that I can change, so if I can’t set the value for “Access-Control-Allow-Origin” then I might not be able to use 8base

evgeny.semushin · March 18, 2020, 6:03pm

@Serena can you please try again. Should be fixed now

Serena · March 18, 2020, 6:58pm

Thank you @evgeny.semushin! It’s working now!

Serena · April 27, 2020, 5:29pm

Hi @evgeny.semushin @sebastian.scholl.

This has stopped working. In addition, I’m not longer seeing the other headers that I’m setting.

The response I’m sending back from my webhook includes these headers:

  "headers": {
    "Access-Control-Allow-Origin": "[MY VALUE]",
    "AMP-Access-Control-Allow-Source-Origin": "[MY VALUE]",
    "Access-Control-Expose-Headers": "[MY VALUE]"
  },

And the actual headers that I’m seeing in the network response tab are:

access-control-allow-origin: *
[The other two headers aren't even here]

Can you take a look at this? It makes me nervous that this has changed. If it changes after we launch it will break our entire product (and we have no control over it - these headers must be set the way I’m trying to set them or it will not work).

evgeny.semushin · April 27, 2020, 6:05pm

I just deployed my test project with your headers and everything works as expected.

example of weebhook:

export default async (event: any, ctx: any) : Promise<any> => {

  console.log("calling webhook", event);

  return {
    statusCode: 200,
    headers: {
      "Access-Control-Allow-Origin": "https://example1.com",
      "AMP-Access-Control-Allow-Source-Origin": "test",
      "Access-Control-Expose-Headers": "another_test"
    },
    body: JSON.stringify({
      result: `Webhook recieved`,
    }),
  };
};

and these are response headers:
https://monosnap.com/file/N75p6vTqkZyYRq8EAzXNTc773BB8jE

Can you please try to leave only “return” in your webhook similar to what I sent above and see if you are getting correct headers?

Serena · April 27, 2020, 6:29pm

Ugh, this must be my bad! I think I’m failing to send the headers back when there’s an error. I’ll double check and make sure after lunch. Sorry!

Serena · April 27, 2020, 8:18pm

Yep, this was on my end. Sorry! Thanks for the quick response.

sebastian.scholl · May 14, 2020, 4:15pm