Add OPTIONS to allowed methods in default config

gin-contrib / cors

Official CORS gin's middleware

https://gin-gonic.github.io/gin/

MIT License

1.77k stars 181 forks source link

Add OPTIONS to allowed methods in default config #50

Open lukyth opened 5 years ago

lukyth commented 5 years ago

According to https://github.com/gin-contrib/cors/blob/master/cors.go#L151, OPTIONS aren't allowed by default. Should it be allowed?

When performing certain types of cross-domain Ajax requests, modern browsers that support CORS will insert an extra preflight request to determine whether they have permission to perform the action. The preflight request is using the OPTIONS method.

vzool commented 5 years ago

Same issue here, it should be catch all OPTIONS globally and returns a proper response.

zaynetro commented 5 years ago

OPTIONS is a special request and is handled separately: https://github.com/gin-contrib/cors/blob/master/config.go#L76

jub0bs commented 1 year ago

Mistaking an OPTIONS request as a preflight request is a recurring problem in CORS middleware. However, not all OPTIONS requests are preflight requests.