CORS Preflight OPTIONS request should return 200 instead of 204 #4008

Closed
wbcustc opened this issue Nov 22, 2018 · 5 comments

wbcustc commented Nov 22, 2018

Summary

CORS Preflight OPTIONS request should return 200 instead of 204
Actual code here
https://github.com/Kong/kong/blob/master/kong/plugins/cors/handler.lua#L143

Steps To Reproduce

It seems it will only block the GET request. If you set your own header in a GET request, Chrome will send a preflight OPTIONS first and get a 204 response.
The browser will not continue to send the actual GET request since it's NO_CONTENT.

Possible fix

Instead of returning 204, just return 200 with the Content-Length header set to 0.
Instructed by this guideline.
https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
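
A regression check for the behaviour requested above, as an added example that is not Kong's code and not part of the original thread: it audits a raw preflight response for status 200, `Content-Length: 0` and CORS headers that cover the requested method and custom header. The origin, the header name and both sample responses are constructed, and wildcards are treated as matching, which holds only for requests without credentials.

```python
# Added example: audit a raw CORS preflight response against the fix proposed
# in this issue (HTTP 200 with Content-Length: 0). All sample data is constructed.
SAFELISTED_METHODS = {"get", "head", "post"}  # never need listing in Allow-Methods

def parse_response(raw):
    """Split a raw HTTP response head into (status_code, lowercased header dict)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def _tokens(value):
    """Parse a comma-separated header value into a set of lowercase tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def audit_preflight(raw, origin, method, request_headers):
    """Return a list of findings; an empty list means the preflight passes."""
    status, h = parse_response(raw)
    findings = []
    if status != 200:
        findings.append(f"status is {status}, expected 200")
    if h.get("content-length") != "0":
        findings.append("Content-Length is not 0")
    if h.get("access-control-allow-origin") not in ("*", origin):
        findings.append("Access-Control-Allow-Origin does not cover the origin")
    methods = _tokens(h.get("access-control-allow-methods", ""))
    if method.lower() not in methods | SAFELISTED_METHODS and "*" not in methods:
        findings.append(f"{method} missing from Access-Control-Allow-Methods")
    allowed = _tokens(h.get("access-control-allow-headers", ""))
    for name in request_headers:
        if "*" not in allowed and name.lower() not in allowed:
            findings.append(f"{name} missing from Access-Control-Allow-Headers")
    return findings

# Constructed responses: the reported behaviour and the proposed one.
CORS = ("Access-Control-Allow-Origin: https://app.example\r\n"
        "Access-Control-Allow-Methods: GET\r\n"
        "Access-Control-Allow-Headers: X-Request-Id\r\n\r\n")
BEFORE = "HTTP/1.1 204 No Content\r\n" + CORS
AFTER = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n" + CORS

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_preflight(raw, "https://app.example", "GET", ["X-Request-Id"]))
```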

@aslafy-z
Contributor

I'd love to take this up if no one works on it.

As this would change the response code, I guess it's a breaking change that has to land into next, right?

thibaultcha pushed a commit that referenced this issue Nov 30, 2018
User agents seem to not honour HTTP 204 as a valid response
status code for preflight requests. Therefore, we now return
HTTP 200 which is instructed by Mozilla guidelines.

Fix #4008
From #4029
@thibaultcha
Member

Just merged #4029, which will be part of 1.0 (including the upcoming 1.0.0rc4 planned for next week). Thank you for reporting the issue!

@dzmitry-lahoda

I am here because of ASP.NET IIS Kestrel, but that is Kong with 26k stars...

@thibaultcha
Member

See my answer in #4029.
