Open lukyth opened 5 years ago
Same issue here, it should be catch all OPTIONS globally and returns a proper response.
OPTIONS
is a special request and is handled separately: https://github.com/gin-contrib/cors/blob/master/config.go#L76
Mistaking an OPTIONS
request as a preflight request is a recurring problem in CORS middleware. However, not all OPTIONS
requests are preflight requests.
According to https://github.com/gin-contrib/cors/blob/master/cors.go#L151,
OPTIONS
aren't allowed by default. Should it be allowed?When performing certain types of cross-domain Ajax requests, modern browsers that support CORS will insert an extra preflight request to determine whether they have permission to perform the action. The preflight request is using the
OPTIONS
method.