Closed johnknapp closed 3 years ago
Touching base with @jeremyevans in case roda could be involved somehow?
The simplest way to check out would to create an alternative implementation in bare rack and see if it has the same issue. I did that in the other issue you posted, hopefully you can follow the same approach in this case.
Thank you Jeremy. I neglected to mention that the cors request headers have been observed as identical between a POST request (which works) and a PUT request (in which the response from host is missing all cors headers.)
Request headers for successful POST request:
POST /rank HTTP/1.1
Host: my_backend.herokuapp.com
Connection: keep-alive
Content-Length: 70
Accept: application/json
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1
Content-Type: application/json
Origin: https://my_frontend.herokuapp.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://my_frontend.herokuapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: alpha=yadda.yadda
Request headers for unsuccessful PUT request:
PUT /account HTTP/1.1
Host: my_backend.herokuapp.com
Connection: keep-alive
Content-Length: 58
Accept: application/json
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1
Content-Type: application/json
Origin: https://my_frontend.herokuapp.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://my_frontend.herokuapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: alpha=yadda.yadda
Perhaps I'm going blind but these headers look to me to be identical except for method.
@johnknapp it looks to me that the 500 is coming from your Rack app:
Jan 05 15:43:06 my_backend app/web.1 I, [2021-01-05T23:43:05.993604 #4] INFO -- : access_token valid
Jan 05 15:43:06 my_backend app/web.1 2021-01-05 23:43:05 +0000 Rack app ("PUT /account" - (73.223.174.252)): #<NoMethodError: undefined method `empty?' for nil:NilClass>
I thought I had cors working fine since my
POST
andGET
requests work great.But my
PUT
is blocked for missing origin header, even though my backend permits that method.Here are request and response headers and my rack-cors debug mode server logs.
I might be missing something obvious but I'm stumped.
1) Preflight request headers:
2) Preflight response headers:
3) PUT request headers:
4) PUT response headers:
5) Associated server logs with rack-cors in debug mode:
By the way, the 500 is expected given the cors failure.