Hi, I am uploading large video using tus. I followed Getting CORS using tus (Direct creator uploads) - Developers / Stream - Cloudflare Community

my own server is using a bearer token for authorization, however, when uppy post to upload url after 201, it’s including the my own bearer token as well, and the request would fail with ’ Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.’ my code looks like

  uppy.use(Tus, {
    endpoint: '${host}/streams/upload',
    chunkSize: 1024 * 1024 * 40,
    retryDelays: [0],
    headers: {
      Authorization: `${bearerToken}`,
    },

If I do a hack to remove the auth header, everything works, however, the endpoint itself needs to be authorized, and I can’t add any header or post body,

  uppy.use(Tus, {
    endpoint: '${host}/streams/upload',
    chunkSize: 1024 * 1024 * 40,
    retryDelays: [0]

This works, but in this way I can’t authenticate the my user.

How should I do authentication on my sever whilte keep videodelivery happy?

Thanks

Hello sir,
I had the same problem as you had,
I think that Cloudflare protocol overwrite the “Authorization” header for some reasons.
So i changed the key of my header to a custom name (for example : “UploadVerification”) and it works properly now, i can get it from server side by calling $_SERVER[“HTTP_UPLOADVERIFICATION”].
you can try :

uppy.use(Tus, {
    endpoint: '${host}/streams/upload',
    chunkSize: 1024 * 1024 * 40,
    retryDelays: [0],
    headers: {
      UploadVerification: `${bearerToken}`,
    },

i wish this helps you ^.^