CORS problems with `/admin/schema/validate`

Report a Dgraph Bug

What version of Dgraph are you using?

Dgraph Version
```
$ dgraph version

Dgraph version   : v21.03.0
Dgraph codename  : rocket
Dgraph SHA-256   : b4e4c77011e2938e9da197395dbce91d0c6ebb83d383b190f5b70201836a773f
Commit SHA-1     : a77bbe8ae
Commit timestamp : 2021-04-07 21:36:38 +0530
Branch           : HEAD
Go version       : go1.16.2
jemalloc enabled : true
```

Have you tried reproducing the issue with the latest release?

Yes.

What is the hardware spec (RAM, OS)?

N/A

Steps to reproduce the issue (command/config used to run Dgraph).

Trying to fetch /admin/schema/validate from localhost:3000 returns:

Expected behaviour and actual result.

I would expect the /admin/schema/validate API to have headers set like the other admin/ APIs, but it looks like this one https://github.com/dgraph-io/dgraph/blob/ebf8bd6a35a1ab80bde4a10339c2c5a52627db1f/dgraph/cmd/alpha/admin.go#L79 doesn’t use adminAuthHandler like the rest, so no CORS headers are set.

Thank you so much @masiulis for pointing this out. We have accepted this as a bug, and a fix will soon be deployed on the master branch and will be available in an upcoming release.
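The gap described in the report, one admin route registered without the wrapper that sets CORS headers, reproduced and checked in Go as an added example; it is not Dgraph's code and not part of the thread. `withCORS`, `buildMux`, `missingCORS` and the origin allowlist are hypothetical names, and the check goes slightly beyond the report by sending a preflight to every listed route.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

var allowedOrigins = map[string]bool{"http://localhost:3000": true} // constructed allowlist

// withCORS is a hypothetical stand-in for the wrapper the other admin routes share.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if o := r.Header.Get("Origin"); allowedOrigins[o] {
			w.Header().Set("Access-Control-Allow-Origin", o)
			w.Header().Add("Vary", "Origin")
		}
		if r.Method == http.MethodOptions { // answer the preflight here
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// buildMux registers two admin routes; wrap is applied only to the validate route.
func buildMux(wrap func(http.Handler) http.Handler) *http.ServeMux {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
	mux := http.NewServeMux()
	mux.Handle("/admin/schema", withCORS(ok))
	mux.Handle("/admin/schema/validate", wrap(ok))
	return mux
}

// missingCORS sends a preflight to each path and returns those that do not allow origin.
func missingCORS(h http.Handler, origin string, paths []string) []string {
	var missing []string
	for _, p := range paths {
		req := httptest.NewRequest(http.MethodOptions, p, nil)
		req.Header.Set("Origin", origin)
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		if rec.Header().Get("Access-Control-Allow-Origin") != origin {
			missing = append(missing, p)
		}
	}
	return missing
}

func main() { fmt.Println(missingCORS(buildMux(withCORS), "http://localhost:3000", []string{"/admin/schema", "/admin/schema/validate"})) }
```

Passing an identity function to `buildMux` reproduces the unwrapped route, and `missingCORS` then reports `/admin/schema/validate`; run as a route-table test, the same check catches a handler registered without the shared wrapper.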