HandlePreflight not generating any headers
mar1n3r0 opened this issue · 1 comments
Hi there, I have a problem where the preflight handler doesn't set any of the necessary headers.
It happens only if I try to set an additional header for CSRF protection, if I do a POST request without adding headers there is no preflight happening. Tried with AllowAll config, Default and custom to no avail. If I add a handler for the same route with method OPTIONS I get the headers but then the body is not there.
Similar case: preflight-request-error
I saw that the handler was assigned for both methods at the same time but the router I use does not allow to add multiple methods at once.
What am I missing ?
Logs:
Request Headers:
Host: localhost:3000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-csrf-token
Referer: http://localhost:7000/
Origin: http://localhost:7000
Connection: keep-alive
Response Headers:
HTTP/1.1 200 OK
Allow: POST, OPTIONS
Date: Thu, 26 Mar 2020 14:40:10 GMT
Content-Length: 0
No debug logs are produced. The expected result was:
For example, suppose the browser makes a request with the following headers:
Origin: http://yourdomain.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-Custom-Header
Your server should then respond with the following headers:Access-Control-Allow-Origin: http://yourdomain.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Custom-Header
Fixed, the solution was to add this to the handler and keep both POST and OPTIONS for the same route.
// Stop here if its Preflighted OPTIONS request
if r.Method == "OPTIONS" {
return
}