Access-Control-Allow-Methods in helper function incorrectly formatted

Question

Access-Control-Allow-Methods in helper function incorrectly formatted

stwilz opened this issue a year ago · 1 comments

Hey Team,

We've just had a few issues implementing POST's to our serverless functions when using the prepareFunction method.
Looks like on line 9,

response.appendHeader('Access-Control-Allow-Methods', 'OPTIONS POST GET');

We don't correctly comma separate the allowed methods as per the specification.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

We've updated out local copy with,

  response.setHeaders({
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Methods': 'GET,POST,OPTIONS',
    'Content-Type': 'application/json',
    'Access-Control-Allow-Headers': 'Content-Type',
  });

And we can now POST to without issue.
As an aside it might be worth considering allowing engineers to pass this configuration in as well. There may be cases where they want to enforce these methods. Just a thought :)

Also can external engineers submit PR's to this repo?

Thanks!

Answer 1 · 2023-09-26T22:05:27.000Z

Hi @stwilz! Thanks for bringing this to our attention. Out of curiosity, what exposed this issue in your environment? We haven't run into this being problematic and would love to be able to reproduce it ourselves so that we can improve our robustness.

We do accept external PRs as long as they meet our standards, so feel free to submit one if you'd like! Otherwise, I can take care of it.