Closed coding-bunny closed 4 years ago
Access-Control-Request-Method
is a request header - it is given as part of the preflight request coming into the server. As a response, CORS returns the allowed request method for that resource as Access-Control-Allow-Methods
.
Gotcha, so it will never show up in the response, I just tell the server how I want to request the resource, and check the reply whether it's allowed or not.
Then I know how to write specs for this now, thank you :)
Hello,
I'm trying to understand why the
rack-cors
gem is not exposing theAccess-Control-Request-Method
header?I've configured this as follows:
However, when making test request, the
Access-Control-Request-Method
is never in the response:I can see it's in the expose-header from the configuration, but the actual header is not exposed.