Automatically replying to OPTIONS requests is potentially problematic #4551
Comments
|
@MarceloZabini What about if we implement an option for this? So you can disable it when you need |
|
There is perhaps a discussion of what users expect the default to be (personally I'd expect every request to be proxied), but having the option available and documented would certainly be good enough - at least for me. |
|
This has also been reported in angular/angular-cli#23857 I wonder if it's just a matter of registering the |
|
Are you able to test if by updating Edit: Based on the reproduction in angular/angular-cli#23859 it does seem like it's a matter of registration order. |
|
We also have problems with OPTIONS requests handled this way. |
|
Another user confirmed my suspicions that it’s a matter of ordering. |
|
Feel free to send a PR. |
|
@alan-agius4 hm, do you have a valid order (confirmed that we don't have the issue again)? |
|
@alexander-akait, yeah it need to be registered as the last middleware as per the gist (https://gist.github.com/alan-agius4/156a7c36c2927986ef4e1dc6ffcdc97a) that the above users used to verify this. |
Prior to this change the internal options middleware always responsed to such requests. This is because the middleware was registered too early and was not being used as a fallback. With this change we register this middleware as the last middleware to ensure that this is only used as a fallback when OPTIONS requests are not handled. Closes webpack#4551
Prior to this change the internal options middleware always responsed to such requests. This is because the middleware was registered too early and was not being used as a fallback. With this change we register this middleware as the last middleware to ensure that this is only used as a fallback when OPTIONS requests are not handled. Closes #4551
Bug report
OPTIONSrequests are automatically handled by webpack-dev-server since #4180 was implemented by #4185, bypassing the application's backend.Actual Behavior
webpack-dev-server automatically replies to
OPTIONSrequests regardless of how the backend application would handle it.Expected Behavior
Much like any other kind of requests, like
GETandPOST,OPTIONSrequests should by default be forwarded to the application. Applications can reply with a failure depending on the request, and can include a variety of response headers which can be important for the application.How Do We Reproduce?
Use webpack-dev-server 4.10.0, which contains #4185, and any application that handles
OPTIONSrequests in the backend to see that the backend application isn't even contacted.Please paste the results of
npx webpack-cli infohere, and mention other relevant informationSystem:
OS: Linux 5.14 Fedora 33 (Workstation Edition) 33 (Workstation Edition)
CPU: (8) x64 Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Memory: 7.60 GB / 15.38 GB
Binaries:
Node: 14.19.3 - /nix/store/cnma41dzr06jp8j6vigfp4lmy1dqfg3x-nodejs-14.19.3/bin/node
npm: 6.14.17 - /nix/store/cnma41dzr06jp8j6vigfp4lmy1dqfg3x-nodejs-14.19.3/bin/npm
The text was updated successfully, but these errors were encountered: