Skip to content

Commit

Permalink
cors: always return 204 for a matched preflight (#150)
Browse files Browse the repository at this point in the history 
Previously it could return a 404, etc.
This had the effect of in the browser producting a network error
because the preflight request failed.
  • Loading branch information
@gregwebs
gregwebs authored Oct 27, 2023
1 parent e8b11b4 commit 283c213
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 6 deletions.
8 changes: 6 additions & 2 deletions cors/examples/calc/gen/http/calc/server/server.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 4 additions & 2 deletions cors/generate.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,10 +166,10 @@ func serverCORS(f *codegen.File) {
}

// Data: ServiceData
var corsHandlerInitT = `{{ printf "%s creates a HTTP handler which returns a simple 200 response." .Endpoint.HandlerInit | comment }}
var corsHandlerInitT = `{{ printf "%s creates a HTTP handler which returns a simple 204 response." .Endpoint.HandlerInit | comment }}
func {{ .Endpoint.HandlerInit }}() http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(200)
w.WriteHeader(204)
})
}
`
Expand Down Expand Up @@ -234,6 +234,8 @@ func {{ .OriginHandler }}(h http.Handler) http.Handler {
{{- if $policy.Headers }}
w.Header().Set("Access-Control-Allow-Headers", "{{ join $policy.Headers ", " }}")
{{- end }}
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand Down
4 changes: 2 additions & 2 deletions cors/generate_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,10 @@ import (
)

func TestGenerate(t *testing.T) {
var corsHandler = `// NewCORSHandler creates a HTTP handler which returns a simple 200 response.
var corsHandler = `// NewCORSHandler creates a HTTP handler which returns a simple 204 response.
func NewCORSHandler() http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(200)
w.WriteHeader(204)
})
}
`
Expand Down
20 changes: 20 additions & 0 deletions cors/testdata/code.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ func HandleSimpleOriginOrigin(h http.Handler) http.Handler {
w.Header().Set("Vary", "Origin")
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand All @@ -41,6 +43,8 @@ func HandleRegexpOriginOrigin(h http.Handler) http.Handler {
w.Header().Set("Vary", "Origin")
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand Down Expand Up @@ -70,6 +74,8 @@ func HandleSimpleEnvVarOriginOrigin(h http.Handler) http.Handler {
w.Header().Set("Vary", "Origin")
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand Down Expand Up @@ -99,6 +105,8 @@ func HandleMultiOriginOrigin(h http.Handler) http.Handler {
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand All @@ -113,6 +121,8 @@ func HandleMultiOriginOrigin(h http.Handler) http.Handler {
// We are handling a preflight request
w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
w.Header().Set("Access-Control-Allow-Headers", "X-Shared-Secret")
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand All @@ -138,6 +148,8 @@ func HandleOriginFileServerOrigin(h http.Handler) http.Handler {
w.Header().Set("Vary", "Origin")
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand All @@ -163,6 +175,8 @@ func HandleOriginMultiEndpointOrigin(h http.Handler) http.Handler {
w.Header().Set("Vary", "Origin")
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand All @@ -188,6 +202,8 @@ func HandleFirstServiceOrigin(h http.Handler) http.Handler {
w.Header().Set("Vary", "Origin")
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand All @@ -212,6 +228,8 @@ func HandleSecondServiceOrigin(h http.Handler) http.Handler {
w.Header().Set("Vary", "Origin")
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand All @@ -237,6 +255,8 @@ func HandleFilesOrigin(h http.Handler) http.Handler {
w.Header().Set("Vary", "Origin")
if acrm := r.Header.Get("Access-Control-Request-Method"); acrm != "" {
// We are handling a preflight request
w.WriteHeader(204)
return
}
h.ServeHTTP(w, r)
return
Expand Down

0 comments on commit 283c213

Please sign in to comment.