-
Type:
Problem report
-
Resolution: Fixed
-
Priority:
Blocker
-
Affects Version/s: 7.2.0
-
Component/s: API (A), Frontend (F)
-
DOC S25-W2/3
-
0.25
Steps to reproduce:
API based applications that uses the Zabbix API stopped working with 7.2 if they respect CORS.
The reason is a missing Header in `api_jsonrpc.php`.
Zabbix 7.2 API requires a new Header "Authorization" but misses to allow this Header here: https://github.com/zabbix/zabbix/blob/master/ui/api_jsonrpc.php
Line 18: `header('Access-Control-Allow-Headers: Content-Type');`
The fix is to add "Authorization" to allowed hedaer by changing the line to: `header('Access-Control-Allow-Headers: Content-Type, Authorization');`
Until this is resolved no App or Client respecting CORS will work.
