You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following code tris to configure CORS per path.However, due to optionsMethodHandler ignoring all configured middlewares, a preflight request will receive a bad response which contains no Access-Control-Allow headers.
I'm not sure if I'm configuring CORS in a popular doable way, also the reproducible example is excerpted from a development environment which may not be as realistic as a real prod server case. Any suggestions are welcome.
The text was updated successfully, but these errors were encountered:
@rpstw Note that curl -vL -X OPTIONS '10.20.0.23:3323/some-path?' -H Origin:https://some-origin.com does not correspond to a CORS-preflight request: it's missing an Access-Control-Request-Method header. Therefore, I wouldn't expect a properly implemented CORS middleware to include CORS headers in a response to such a request.
As for applying different CORS middleware on different routes, I believe that Echo allows you to do that. This example uses a different CORS library, but you should be able to adapt it to your needs.
Echo router registers only node matching GET method in its internal routing tree. So when you issue OPTION method call to same path the CORS middleware do not get executed as it is tied (wrapping it) to GET handler. So CORS middleware is best to be used with e.Use() by it to all routes or registering .OPTIONS("path"... to be able to match only some of the requests
p.s. if choose to register own OPTIONS routes you can use echo.MethodNotAllowedHandler handler function
Issue Description
The following code tris to configure CORS per path.However, due to
optionsMethodHandler
ignoring all configured middlewares, a preflight request will receive a bad response which contains no Access-Control-Allow headers.Checklist
Expected behaviour
Actual behaviour
Steps to reproduce
As described above
Working code to debug
As described above
Version/commit
tried 4.11.4 and 4.10.2
Workarounds tried
As #2039 inspired, configuring a custom
OPTIONS
route can bypass the code whereoptionsMethodHandler
ignoring middlewaresI'm not sure if I'm configuring CORS in a popular doable way, also the reproducible example is excerpted from a development environment which may not be as realistic as a real prod server case. Any suggestions are welcome.
The text was updated successfully, but these errors were encountered: