HandlePreflight not generating any headers

Question

HandlePreflight not generating any headers

mar1n3r0 opened this issue 4 years ago · 1 comments

Hi there, I have a problem where the preflight handler doesn't set any of the necessary headers.
It happens only if I try to set an additional header for CSRF protection, if I do a POST request without adding headers there is no preflight happening. Tried with AllowAll config, Default and custom to no avail. If I add a handler for the same route with method OPTIONS I get the headers but then the body is not there.

Similar case: preflight-request-error

I saw that the handler was assigned for both methods at the same time but the router I use does not allow to add multiple methods at once.

What am I missing ?

Logs:

Request Headers:
Host: localhost:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-csrf-token
Referer: http://localhost:7000/
Origin: http://localhost:7000
Connection: keep-alive

Response Headers:
HTTP/1.1 200 OK
Allow: POST, OPTIONS
Date: Thu, 26 Mar 2020 14:40:10 GMT
Content-Length: 0

No debug logs are produced. The expected result was:

For example, suppose the browser makes a request with the following headers:

Origin: http://yourdomain.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-Custom-Header
Your server should then respond with the following headers:

Access-Control-Allow-Origin: http://yourdomain.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Custom-Header

Answer 1 · 2020-03-26T19:30:53.000Z

Fixed, the solution was to add this to the handler and keep both POST and OPTIONS for the same route.

// Stop here if its Preflighted OPTIONS request
if r.Method == "OPTIONS" {
    return
}