I get this error message when trying to use User API key as described in User API keys specification.
I think User-Api-Key and User-Api-Client-Id should be added to Access-Control-Allow-Headers header as defined in https://github.com/discourse/discourse/blob/master/config/initializers/004-message_bus.rb#L18.
Here is a PR that fixes this little bug.
Hmmm, can you explain how you are consuming the user API, I am not against adding this, just would like some clarification here.
I’m trying to post comments to my Discourse instance from another web application using user api keys. I managed to get the user key following the method described in your original topic and this other useful discussion.
After getting the key, when I send it along with my requests as a value of the User-Api-Key header, I get the Request header field User-Api-Key is not allowed by Access-Control-Allow-Headers error.
As I asked in my PR, I’m not sure if it’s enough to add the headers in the file config/initializers/004-message_bus.rb or we need to add them also in the file discourse/config/initializers/008-rack-cors.rb.
For comment posting it would be rack cors, message bus would only impact subscribing to the bus.
Ok, thank you for your explanation. I updated my PR accordingly.
This is now merged in, thanks!
This topic was automatically closed after 29 hours. New replies are no longer allowed.