Responds to all OPTIONS requests as CORS preflights, even if they are not CORS requests

[JamesMGreene]

When enabling the CORS middleware, it inappropriately responds to all HTTP OPTIONS requests as if they were a CORS preflight request -- not just for CORS requests.

Per the CORS spec's "Resource Processing Model" section, requests without the Origin header present are not CORS requests.

This prevents us from responding to normal OPTIONS requests.

NOTE: This bug could possibly be worked around by registering our OPTIONS route handler middleware ahead of the Swagger middleware but I haven't tested that.

[JamesMessinger]

Good point! Thanks for the link to the W3C spec too, that's very helpful.

This is definitely a bug and will be fixed.

[dimitriy-k]

guys, what is the status of that issue?