Middlewares are not used for OPTIONS requests
diamondburned opened this issue · comments
Preamble
It doesn't appear that Crow executes middlewares at all for OPTIONS requests. This means that crow::CORSHandler
is useless when handling CORS preflight requests. For other kinds of requests (GET, POST, etc.), Crow runs the middleware.
Without the proper CORS headers in the OPTIONS response, the browser will complain when custom headers are added into the request:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://0.0.0.0:18080/wordle_key_pressed/y. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 204.
Reproducing
Reproducing code for crow::CORSHandler
#include "crow_all.h"
int main() {
crow::App<crow::CORSHandler> app;
app.get_middleware<crow::CORSHandler>().global().origin("*");
CROW_ROUTE(app, "/")
([]() { return "Hello world"; });
app.port(18000).run();
return 0;
}
What should happen: when curl -X OPTIONS
is used, Crow should execute the crow::CORSHandler
middleware, which will respond with the right CORS headers.
What actually happens: Crow does not run any middlewares, and no CORS headers are present in the response:
$ curl -X OPTIONS -v http://0.0.0.0:18000
* Trying 0.0.0.0:18000...
* Connected to 0.0.0.0 (127.0.0.1) port 18000 (#0)
> OPTIONS / HTTP/1.1
> Host: 0.0.0.0:18000
> User-Agent: curl/7.84.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< Allow: OPTIONS, HEAD, GET
< Content-Length: 0
< Server: Crow/master
< Date: Mon, 24 Oct 2022 03:29:49 GMT
<
* Connection #0 to host 0.0.0.0 left intact
Just to confirm that crow::CORSHandler
is working as it should be, it does respond with all the required CORS headers for GET requests:
$ curl -v http://0.0.0.0:18000
* Trying 0.0.0.0:18000...
* Connected to 0.0.0.0 (127.0.0.1) port 18000 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:18000
> User-Agent: curl/7.84.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Headers: *
< Access-Control-Allow-Methods: *
< Access-Control-Allow-Origin: *
< Content-Length: 11
< Server: Crow/master
< Date: Mon, 24 Oct 2022 03:30:04 GMT
< Connection: Keep-Alive
<
* Connection #0 to host 0.0.0.0 left intact
Hello world
Nevermind. It seems like this repository is not maintained anymore.
Closing in favor of CrowCpp/Crow#538.