Giters

ipkn / crow

Crow is very fast and easy to use C++ micro web framework (inspired by Python Flask)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Middlewares are not used for OPTIONS requests

diamondburned opened this issue · comments

commented

Preamble

It doesn't appear that Crow executes middlewares at all for OPTIONS requests. This means that crow::CORSHandler is useless when handling CORS preflight requests. For other kinds of requests (GET, POST, etc.), Crow runs the middleware.

Without the proper CORS headers in the OPTIONS response, the browser will complain when custom headers are added into the request:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://0.0.0.0:18080/wordle_key_pressed/y. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 204.

Reproducing

Reproducing code for crow::CORSHandler 
#include "crow_all.h"

int main() {
  crow::App<crow::CORSHandler> app;
  app.get_middleware<crow::CORSHandler>().global().origin("*");

  CROW_ROUTE(app, "/")
  ([]() { return "Hello world"; });

  app.port(18000).run();
  return 0;
}

What should happen: when curl -X OPTIONS is used, Crow should execute the crow::CORSHandler middleware, which will respond with the right CORS headers.

What actually happens: Crow does not run any middlewares, and no CORS headers are present in the response:

$ curl -X OPTIONS -v http://0.0.0.0:18000
*   Trying 0.0.0.0:18000...
* Connected to 0.0.0.0 (127.0.0.1) port 18000 (#0)
> OPTIONS / HTTP/1.1
> Host: 0.0.0.0:18000
> User-Agent: curl/7.84.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< Allow: OPTIONS, HEAD, GET
< Content-Length: 0
< Server: Crow/master
< Date: Mon, 24 Oct 2022 03:29:49 GMT
< 
* Connection #0 to host 0.0.0.0 left intact

Just to confirm that crow::CORSHandler is working as it should be, it does respond with all the required CORS headers for GET requests:

$ curl -v http://0.0.0.0:18000
*   Trying 0.0.0.0:18000...
* Connected to 0.0.0.0 (127.0.0.1) port 18000 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:18000
> User-Agent: curl/7.84.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Headers: *
< Access-Control-Allow-Methods: *
< Access-Control-Allow-Origin: *
< Content-Length: 11
< Server: Crow/master
< Date: Mon, 24 Oct 2022 03:30:04 GMT
< Connection: Keep-Alive
< 
* Connection #0 to host 0.0.0.0 left intact
Hello world
commented

Nevermind. It seems like this repository is not maintained anymore.

Closing in favor of CrowCpp/Crow#538.