Can't post file from localhost:3000 with the GitLab API

Context

For the error explained below, i'm using a valid PRIVATE-TOKEN with enough permissions in the headers and i'm the owner on the project i'm trying to push

Repository request

From a Front-end App

While trying to POST a new file to a repository with this route on a frontend app run locally (http://localhost:3000), i've got a 403 - Forbidden in the response.

Request : image

Body : image

Response : image

With cUrl

If i try the same request with cURL containing the same parameters in the body but without the browser headers, the request succeed.

image

But if in Firefox i'm doing Copy Value => Copy as cURL it add the browser header and then i still got a 403 - Forbidden

Possible leads

If the request only fail when coming from a browser ( I've also tried with Chrome ) i think the issue is related with the browser headers :

image

Firefox headers on commit creation request :

'https://gitlab.com/api/v4/projects/38171326/repository/commits' -X POST 
-H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0' 
-H 'Accept: application/json, text/plain, */*' 
-H 'Accept-Language: en-US,en;q=0.5' 
-H 'Accept-Encoding: gzip, deflate, br' 
-H 'Content-Type: application/json' 
-H 'PRIVATE_TOKEN: HIDED_IN_THIS_ISSUE' 
-H 'Origin: http://localhost:3000' 
-H 'Connection: keep-alive' 
-H 'Referer: http://localhost:3000/' 
-H 'Sec-Fetch-Dest: empty' 
-H 'Sec-Fetch-Mode: cors' 
-H 'Sec-Fetch-Site: cross-site' 
-H 'Pragma: no-cache' 
-H 'Cache-Control: no-cache' 
-H 'TE: trailers' 
--data-raw '{
   "branch":"master",
   "commit_message":"create a new file",
   "actions":[{"action":"create","file_path":"test.txt","content":"test"}]
}'
--output output.txt
Edited by Thibaud-Vdb