I’m trying to post comments to my Discourse instance from another web application using user api keys. I managed to get the user key following the method described in your original topic and this other useful discussion.
After getting the key, when I send it along with my requests as a value of the User-Api-Key header, I get the Request header field User-Api-Key is not allowed by Access-Control-Allow-Headers error.
As I asked in my PR, I’m not sure if it’s enough to add the headers in the file config/initializers/004-message_bus.rb or we need to add them also in the file discourse/config/initializers/008-rack-cors.rb.