OPTIONS issue
sanmadjack opened this issue · 1 comments
I'm using this in conjunction with shelf_rpc, in this manner:
var handler = const shelf.Pipeline()
.addMiddleware(shelf.logRequests())
.addMiddleware(shelf_cors.createCorsHeadersMiddleware())
.addMiddleware(exceptionHandler())
.addHandler(root.handler);
When my client makes an OPTIONS request, I get these header:
Access-Control-Allow-Origin: *
Content-Type: text/plain; charset=utf-8
Date: Tue, 31 May 2016 13:43:45 GMT
Server: dart:io with Shelf
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
This is causing my client requests to fail. If I remove the CORS handler middleware from the pipeline, it sends these on an OPTIONS request:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: application/json; charset=utf-8
Date: Tue, 31 May 2016 13:44:13 GMT
Expires: 0
Pragma: no-cache
Server: dart:io with Shelf
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
If I perform a normal GET request, they both produce the exact same output.
Note: I'm using the CORS handler to provide CORS for a route other than the RPC, obviously they're being provided by the RPC system already, I was just hoping to be able to apply the CORS middleware globally to cover all my bases. It interfering with the headers in a OPTION response is an issue one way or the other though.
After reading the source code for this, I can see that this behavior is completely intentional, all OPTIONS requests get overwritten by a generic OK message. This basically makes this library useless for anything except the most basic of implementations, OPTIONS requests need to return accurate information from the underlying resource.