Add HEAD to CORS ALL_METHODS list #1112
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The HEAD method is conspicuously absent from the allowed methods list when `allow_methods="*"` is used. This doesn't really affect CORS preflight requests, as HEAD requests aren't preflighted by the browser, but it does prevent the actual cross-origin HEAD response from being read by the calling app. [This can catch people off-guard.](https://discuss.encode.io/t/for-cors-middleware-why-is-head-not-included-in-all-methods/939) This simply adds HEAD to the `ALL_METHODS` list in the CORS middleware module and includes some additional tests to validate the new behavior.
|
It does seem to be specified in the spec. https://fetch.spec.whatwg.org/ Do you know of any reason it might have been missing? |
|
Nope, I just discovered it when I found that the |
euri10
reviewed
Dec 16, 2020
euri10
reviewed
Dec 16, 2020
… check Co-authored-by: euri10 <euri10@users.noreply.github.com>
|
Hmm, this one's failing in the same way as #1111 with I think errors in the database code. |
|
@euri10 I forgot about this one. Looks like tests are passing now. |
euri10
approved these changes
Apr 5, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The HEAD method is conspicuously absent from the allowed methods list when
allow_methods="*"isused. This doesn't really affect CORS preflight requests, as HEAD requests aren't preflighted by the
browser, but it does prevent the actual cross-origin HEAD response from being read by the calling
app.
This can catch people off-guard.
This simply adds HEAD to the
ALL_METHODSlist in the CORS middleware module and includes someadditional tests to validate the new behavior.