Open matthewdarwin opened 5 years ago
Currently the validator checks for the `Access-Control-Allow-Headers` header in the normal response, but this header should be only available in the preflight (OPTIONS) response. Popular libraries like cors, for example, only include it in the OPTIONS request: https://github.com/expressjs/cors/blob/c49ca10e92ac07f98a3b06783d3e6ba0ea5b70c7/lib/index.js#L168
```
curl -i -X OPTIONS http://jungle.eosn.io/v1/chain/get_info
HTTP/1.1 204 No Content
Server: nginx/1.14.2
Date: Thu, 01 Aug 2019 00:04:39 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
```
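A check that requires the preflight-only headers only when the request method is OPTIONS, as an added example that is not part of the original issue or the validator's code. The function names, the required-header policy, and the `ACTUAL` sample response are assumptions made for illustration.

```javascript
// Added example, not the validator's code. Function names are hypothetical.

// Preflight response head as captured in the issue above.
const PREFLIGHT = `HTTP/1.1 204 No Content
Server: nginx/1.14.2
Date: Thu, 01 Aug 2019 00:04:39 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0`;

// Constructed sample: a normal GET response from a server that, like the cors
// library, sends Access-Control-Allow-Headers only on the preflight.
const ACTUAL = `HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json`;

// Parse a status line plus header lines into a status code and a header map
// keyed by lower-cased header name.
function parseResponseHead(raw) {
  const lines = raw.trim().split(/\r?\n/);
  const m = /^HTTP\/\d(?:\.\d)?\s+(\d{3})/.exec(lines[0]);
  if (!m) throw new Error("not an HTTP status line: " + lines[0]);
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i <= 0) continue; // skip blank or malformed lines
    headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(m[1]), headers };
}

// Assumed policy: Allow-Origin on every response; Allow-Methods and
// Allow-Headers only on the preflight, where the browser reads them.
const ALWAYS = ["access-control-allow-origin"];
const PREFLIGHT_ONLY = ["access-control-allow-methods", "access-control-allow-headers"];

// Return the names of required CORS headers missing from the response.
function missingCorsHeaders(method, raw) {
  const { headers } = parseResponseHead(raw);
  const isPreflight = method.toUpperCase() === "OPTIONS";
  const required = isPreflight ? ALWAYS.concat(PREFLIGHT_ONLY) : ALWAYS;
  return required.filter((name) => !(name in headers));
}

console.log(missingCorsHeaders("OPTIONS", PREFLIGHT), missingCorsHeaders("GET", ACTUAL));
```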