Request fails during preflight (OPTIONS) when informed custom headers and method 'DELETE'

Question

Request fails during preflight (OPTIONS) when informed custom headers and method 'DELETE'

Closed this issue 4 years ago · 0 comments

Describe the bug
When the client performs a preflight request (HTTP/ OPTIONS), the tshield sends back the headers 'Access-Control-Allow-Headers' and 'Access-Control-Allow-Methods', that results in error of 'Cross-Origin Resource Sharing (CORS)', once ther first restrict the possibile allowed headers in: Authorization, Content-Type, Accept, X-User-Email, X-Auth-Token; and the second does not inform the allowed methods supported.

To Reproduce
Perform a preflight request (HTTP/ OPTIONS), for a DELETE endpoint, that sends a header not supported.

Expected behavior
Allow the preflight request return status OK (200)