meilisearch: Cors error returned instead of authentication_error on wrong API key in browser
Describe the bug
Previously when integrate MeiliSearch in a browser script and run it without API key or with a wrong API key I would receive a authentication_error
.
Since v0.15 i receive a CORS error.
To Reproduce Steps to reproduce the behavior:
- Launch a MeiliSearch instance with a masterKey
- Use the following code in a http file (notice it does not use a master key)
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge'>
</head>
<body>
Indexes:
<div id="indexes"></div>
</body>
</html>
<script src="../../dist/bundles/meilisearch.umd.js"></script>
<script>
const client = new window.MeiliSearch({
host: 'http://127.0.0.1:7700',
})
client.listIndexes().then(res => {
console.log({ res });
res.map(index => document.querySelector('#indexes').innerHTML = `<div>${index.name}</div>`)
})
</script>
- Open the html file or run a http server using
http-server yourhtmlfile.html
- Open it on a browser and look at the console
Expected behavior
Return the authentication_error
body instead of a CORS error as it not clear what failed.
{
"message": "You must have an authorization token",
"errorCode": "missing_authorization_header",
"errorType": "authentication_error",
"errorLink": "https://docs.meilisearch.com/errors#missing_authorization_header"
}
Screenshots
v.0.15:
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 15 (10 by maintainers)
Commits related to this issue
- fix #1021 — committed to meilisearch/meilisearch by ManyTheFish 4 years ago
Fixed by the integration of the new search engine in https://github.com/meilisearch/MeiliSearch/pull/1421
Could not reproduce with latest v0.21 so all good for me
Just fixed it ! Sorry, I put the key in the private ENV variables.
The way I reproduce the error is by either adding a wrong API key or no API key. Instead of returning an error telling me I have no authorization, it makes a CORS error. Could you check that your API key is correct on your production server?
After further investigation, this is how to reproduce the problem:
Minimal code to reproduce :