git handler: allow git-protocol header in CORS preflight responses #371

@melvincarvalho

The git handler in src/handlers/git.js doesn't whitelist the git-protocol header in CORS preflight (OPTIONS) responses. This blocks browser-side git clients (e.g., isomorphic-git) from making cross-origin requests when using protocol v2, which sends git-protocol: version=2.

Symptom

Access to fetch at 'https://pod.example/path/repo/info/refs?service=git-upload-pack'
from origin 'https://jss.live' has been blocked by CORS policy:
Request header field git-protocol is not allowed by Access-Control-Allow-Headers
in preflight response.

Fix

In the OPTIONS preflight response for git-protocol routes, add git-protocol to Access-Control-Allow-Headers. Suggested allowed-headers list:

Access-Control-Allow-Headers: content-type, authorization, git-protocol

Context

The browser-side git frontend at jss.live/git/ (repo: JavaScriptSolidServer/git) currently works around this by setting protocolVersion: 1 in git.listServerRefs. That's a client workaround; the proper fix is server-side so smart-HTTP v2 works for all clients.
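
A sketch of the server-side check, added here as an example and not taken from the issue or from src/handlers/git.js: a preflight handler that answers from a fixed allow-list, plus an approximation of the browser's header check showing why the request is blocked until git-protocol is listed. All function names are hypothetical, the request is constructed, and the "before" list (the suggested list without git-protocol) is an assumption.

```javascript
'use strict';
// Added example; not the project's src/handlers/git.js. All names are hypothetical.

// Allow-list suggested in the issue.
const ALLOWED_HEADERS = ['content-type', 'authorization', 'git-protocol'];

// Parse a comma-separated list of header names; names are case-insensitive.
function parseList(value) {
  return (value || '').split(',').map((n) => n.trim().toLowerCase()).filter(Boolean);
}

// Answer an OPTIONS preflight from the fixed allow-list. The value of
// Access-Control-Request-Headers is never echoed back, so a client cannot
// widen the list by asking for more headers.
function handlePreflight(req, res, allowed = ALLOWED_HEADERS) {
  res.setHeader('Access-Control-Allow-Headers', allowed.join(', '));
  res.statusCode = 204;
  res.end();
}

// Approximation of the browser's check: every requested header name must
// appear in Access-Control-Allow-Headers (wildcard handling is left out).
function blockedHeaders(req, allowHeadersValue) {
  const allowed = new Set(parseList(allowHeadersValue));
  return parseList(req.headers['access-control-request-headers'])
    .filter((name) => !allowed.has(name));
}

// Minimal stand-in for http.ServerResponse, enough for this demo.
function fakeResponse() {
  const headers = {};
  return {
    headers,
    statusCode: 200,
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    end() {},
  };
}

// Constructed preflight for a protocol v2 request that also sends credentials.
const sampleRequest = {
  method: 'OPTIONS',
  headers: { 'access-control-request-headers': 'authorization,git-protocol' },
};

// Run the handler with a given allow-list and return the headers still blocked.
function run(allowed) {
  const res = fakeResponse();
  handlePreflight(sampleRequest, res, allowed);
  return blockedHeaders(sampleRequest, res.headers['access-control-allow-headers']);
}

console.log('assumed list before the fix:', run(['content-type', 'authorization']));
console.log('suggested list:', run(ALLOWED_HEADERS));
```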
