cors icon indicating copy to clipboard operation
cors copied to clipboard

Published 20 hours ago verified publisher icon rs

405 on OPTIONS preflight

Open udf2457 opened this issue 1 year ago • 2 comments
trafficstars

My understanding is the default is that rs/cors takes care of the options headers ? (i.e. when OptionsPassthrough is undefined).

However, e.g. curl -D - -H 'Origin: https://source.example.com' https://target.example.com/v1/reg -X OPTIONS

I get HTTP/2 405 Method Not Allowed

My code is simple and I'm. using rs/cors defaults, e.g.:

// Setup mux
mux := http.NewServeMux()
mux.HandleFunc("POST /v1/reg", v1.RegistrationHandler(ConfigData))
//
log.Debug("starting http")
httpServer := httpsvr.WebServer(*httpListen)
httpServer.Handler = cors.Default().Handler(mux)
err = httpServer.Serve(httpSocket)
if err != nil {
log.Error("http startup error", "err", err.Error())
  os.Exit(1)
}

udf2457 avatar Aug 23 '24 11:08 udf2457

@udf2457 You're hitting the issue explained in https://pkg.go.dev/github.com/jub0bs/cors#example-Middleware.Wrap-Incorrect. Whether you use rs/cors or another CORS library, you have to be careful with method-full patterns (e.g. POST /v1/reg).

jub0bs avatar Aug 23 '24 13:08 jub0bs

Thanks @jub0bs , I'm actually looking at moving to jub0bs/cors but actually I'm not double wrapping, I'm following the method as described in https://github.com/jub0bs/cors/issues/4#issuecomment-2307096259

udf2457 avatar Aug 23 '24 14:08 udf2457

@udf2457 Since https://github.com/jub0bs/cors/issues/4 is now closed, could we close this issue as well?

jub0bs avatar Aug 23 '24 19:08 jub0bs

done thanks for all your help @jub0bs

udf2457 avatar Aug 23 '24 19:08 udf2457