OPTIONS Verb 404 about cors HOT 14 OPEN

If I have to define a route for OPTIONS, it really limits the usefulness of the library.

I wrote a middleware function to do the cors that seems to be working.

To me, when adding a CORS library to an api project I'm expecting that all routes will be covered by the library. Defining an OPTIONS route means I have do that for every single endpoint on the API which typically if I'm supplying a client-facing api, CORS will be required for all routes.

from cors.

Yep that is EXACTLY what was wrong. My feedback here would be:

Since disallowed origins are returned with a 403, I would suggest if Origin is not present to return a 403 by default, and if AllowAllOrigins is enabled, Ignore the Origin header altogether (since a null/undefined origin would be assumed in the "All Origins")

from cors.

I had a typo in the header Orgin: http://localhost instead of Origin: http://localhost I was sending, sorry for the noise.

from cors.

You have defined only a route on get?

from cors.

You are right, cors is listening for options requests, but maybe you are running into https://github.com/gin-contrib/cors/blob/master/config.go#L33

from cors.

Thank you though, that was precisely what was wrong

from cors.

Also confused by this issue. When will the server return a 404?

from cors.

+1

from cors.

how ?

from cors.

Guys, I'm really lost!!! How to resolve this issue?
Thanks

from cors.

package main

import (
	"github.com/gin-contrib/cors"
	"github.com/gin-gonic/gin"
)

func main() {
	router := gin.Default()
	// same as
	// config := cors.DefaultConfig()
	// config.AllowAllOrigins = true
	// router.Use(cors.New(config))
	router.Use(cors.Default())
	router.GET("/ping", func(c *gin.Context) {
		c.JSON(200, gin.H{
			"message": "pong",
		})
	})
	router.Run("0.0.0.0:3000")
}

I receive a 404 with an OPTIONS request as well.

from cors.

You are right, cors is listening for options requests, but maybe you are running into https://github.com/gin-contrib/cors/blob/master/config.go#L33

what does this mean?

from cors.

Hi Folks,

This appears to still be open, and since I am having the same issue, are there any suggestions to resolving besides writing my own CORS handler (or, I guess, forking and fixing)?

Thanks.

from cors.

Hi Folks,

This appears to still be open, and since I am having the same issue, are there any suggestions to resolving besides writing my own CORS handler (or, I guess, forking and fixing)?

Thanks.

Found this middleware func from stackoverflow:

func CORSMiddleware() gin.HandlerFunc {
    return func(c *gin.Context) {
        c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
        c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
        c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
        c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
        if c.Request.Method == "OPTIONS" {
            c.AbortWithStatus(204)
            return
        }
        c.Next()
    }
}

from cors.