search

ipkn / crow

Crow is very fast and easy to use C++ micro web framework (inspired by Python Flask)
BSD 3-Clause "New" or "Revised" License
7.43k stars 889 forks source link

Middlewares are not used for OPTIONS requests #412

Closed diamondburned closed 1 year ago

diamondburned commented 1 year ago

Preamble

It doesn't appear that Crow executes middlewares at all for OPTIONS requests. This means that crow::CORSHandler is useless when handling CORS preflight requests. For other kinds of requests (GET, POST, etc.), Crow runs the middleware.

Without the proper CORS headers in the OPTIONS response, the browser will complain when custom headers are added into the request:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://0.0.0.0:18080/wordle_key_pressed/y. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 204.

Reproducing

Reproducing code for crow::CORSHandler ```cpp #include "crow_all.h" int main() { crow::App app; app.get_middleware().global().origin("*"); CROW_ROUTE(app, "/") ([]() { return "Hello world"; }); app.port(18000).run(); return 0; } ```

What should happen: when curl -X OPTIONS is used, Crow should execute the crow::CORSHandler middleware, which will respond with the right CORS headers.

What actually happens: Crow does not run any middlewares, and no CORS headers are present in the response:

$ curl -X OPTIONS -v http://0.0.0.0:18000
*   Trying 0.0.0.0:18000...
* Connected to 0.0.0.0 (127.0.0.1) port 18000 (#0)
> OPTIONS / HTTP/1.1
> Host: 0.0.0.0:18000
> User-Agent: curl/7.84.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< Allow: OPTIONS, HEAD, GET
< Content-Length: 0
< Server: Crow/master
< Date: Mon, 24 Oct 2022 03:29:49 GMT
< 
* Connection #0 to host 0.0.0.0 left intact

Just to confirm that crow::CORSHandler is working as it should be, it does respond with all the required CORS headers for GET requests:

$ curl -v http://0.0.0.0:18000
*   Trying 0.0.0.0:18000...
* Connected to 0.0.0.0 (127.0.0.1) port 18000 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:18000
> User-Agent: curl/7.84.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Headers: *
< Access-Control-Allow-Methods: *
< Access-Control-Allow-Origin: *
< Content-Length: 11
< Server: Crow/master
< Date: Mon, 24 Oct 2022 03:30:04 GMT
< Connection: Keep-Alive
< 
* Connection #0 to host 0.0.0.0 left intact
Hello world
diamondburned commented 1 year ago

Nevermind. It seems like this repository is not maintained anymore.

Closing in favor of https://github.com/CrowCpp/Crow/issues/538.