Authorization header is send to videodelivery.net following 201, causing CORS error

Hi, I am uploading large video using tus. I followed Getting CORS using tus (Direct creator uploads) - Developers / Stream - Cloudflare Community

my own server is using a bearer token for authorization, however, when uppy post to upload url after 201, it’s including the my own bearer token as well, and the request would fail with ’ Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.’ my code looks like

  uppy.use(Tus, {
    endpoint: '${host}/streams/upload',
    chunkSize: 1024 * 1024 * 40,
    retryDelays: [0],
    headers: {
      Authorization: `${bearerToken}`,
    },

If I do a hack to remove the auth header, everything works, however, the endpoint itself needs to be authorized, and I can’t add any header or post body,

  uppy.use(Tus, {
    endpoint: '${host}/streams/upload',
    chunkSize: 1024 * 1024 * 40,
    retryDelays: [0]

This works, but in this way I can’t authenticate the my user.

How should I do authentication on my sever whilte keep videodelivery happy?

Thanks

1 Like