CORS issue in headers for open-vsx.org
As @amvanbaren pointed out, the NGINX reverse proxy is rejecting the VSCode-SessionId
header in its preflight response.
HTTP error log
Access to XMLHttpRequest at 'https://open-vsx.org/vscode/gallery/extensionquery' from origin 'https://9888-gitpodio-openvscodeserv-s60m8x0a0ht.ws-us51.gitpod.io' has been blocked by CORS policy: Request header field vscode-sessionid is not allowed by Access-Control-Allow-Headers in preflight response.
Context
The new VSCode-SessionId
header is now present for all marketplace requests since https://github.com/microsoft/vscode/commit/d9ccb7eff15945c823c72a7e8c96a1c5e5e0214f for enhanced telemetry.
Proposed solution
This should be fixed by adding VSCode-SessionId
to the Access-Control-Allow-Headers
response header for CORS Preflight responses.