fix: handle CORS pre-flight requests correctly #3052

laurenceisla · 2023-11-16T02:05:45Z

Lets the library handle errors when a pre-flight request fails.

steve-chavez · 2023-11-16T02:24:13Z

src/PostgREST/Cors.hs

@@ -44,3 +44,7 @@ corsPolicy corsAllowedOrigins req = case lookup "origin" headers of
       -- Impossible case, Middleware.Cors will not evaluate this when
       -- the Access-Control-Request-Headers header is not set.
      Nothing   -> []
+    -- The library makes "OPTIONS" requests fail when the "Origin" header is present


Hm, which library?

Ah, I failed to mention the wai-cors library. In summary, it treats an OPTION request with Origin as a pre-flight when it shouldn't IMO. Relevant code.

I added more info here: #3027 (comment). The solution is as I mentioned there or patch the library to remove that validation.

fix: handle CORS pre-flight requests correctly

d781204

laurenceisla force-pushed the options-preflight branch from c128dfc to d781204 Compare November 16, 2023 02:07

steve-chavez reviewed Nov 16, 2023

View reviewed changes

laurenceisla mentioned this pull request Nov 16, 2023

OPTIONS does not actually handle CORS pre-flight requests #3027

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: handle CORS pre-flight requests correctly #3052

fix: handle CORS pre-flight requests correctly #3052

laurenceisla commented Nov 16, 2023

steve-chavez Nov 16, 2023

laurenceisla Nov 16, 2023 •

edited

fix: handle CORS pre-flight requests correctly #3052

Are you sure you want to change the base?

fix: handle CORS pre-flight requests correctly #3052

Conversation

laurenceisla commented Nov 16, 2023

steve-chavez Nov 16, 2023

Choose a reason for hiding this comment

laurenceisla Nov 16, 2023 • edited

Choose a reason for hiding this comment

laurenceisla Nov 16, 2023 •

edited