Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsuccessful preflight passed through #85

Closed
felixbuenemann opened this issue Jun 24, 2015 · 2 comments
Closed

Unsuccessful preflight passed through #85

felixbuenemann opened this issue Jun 24, 2015 · 2 comments

Comments

@felixbuenemann
Copy link

If a preflight request does not pass the checks, because either Access-Control-Request-Method or Access-Control-Request-Headerscontains values that are not whitelisted, the request is passed up the rack stack. This will usually lead to an exception, because nothing in the stack handles the OPTIONS request.

I think the better behavior would be to return a 403 error.

I also noticed that on a successful preflight request the status code is 200, but I think 204 would be more appropriate.
@felixbuenemann
Copy link
Author

I'm not quite sure, what's the best behavior is after reading http://www.w3.org/TR/cors/#preflight-request again. It seems any non-2xx status code is handled as a network error. Another viable option seems to be to return a 2xx status code but omit the CORS headers. In the end both conditions should be counted as a failed preflight check.

@cyu
Copy link
Owner

cyu commented Jul 15, 2017

Fixed as #106

@cyu cyu closed this as completed Jul 15, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cyu @felixbuenemann