Enabling "add_preflighted_routes" in version 2.10 results in "400 Bad Request" responses

[plk]

Sorry, I didn't get chance to comment before the 2.10 release but testing this with the most basic CORS setup (all defaults) works. However, I have to use add_preflighted_routes or nothing works but when I add this, trying my routes in non-CORS settings (which are the majority of the use cases), they all return "404" ...

I am using 2.10 with:

add_preflighted_routes => 1
$app->defaults(openapi_cors_allowed_origins => [some regexps])

and this in an under which every controller calls:

$c->openapi->cors_exchange;

[jhthorsen]

Your issue is very hard to follow. You say everything works and nothing works, which is very confusing. Let me try to ask some questions which might help me understand what you're doing:

• "most basic CORS setup": Do you mean only "Simple requests" and not "Preflighted requests"?
• "and this in an under which every controller calls": Do you mean you have an $r->under(..) route? I'm not sure where that is documented, and I need example code to understand what you're actually doing.
• Are you sure the response is not 400, instead of 404?

I'm marking this issue as "invalid" for now, since it's in best cast lacking in information and examples on how to reproduce.

Please have a look at https://github.com/jhthorsen/mojolicious-plugin-openapi/blob/master/t/cors.t and see if you can write a new test that replicates your problem. (Preferably as a new test)

[jhthorsen]

I'm pretty sure you meant 400 Bad Request, instead of 404 Not Found. If so, then I'm pretty sure this is fixed in 2.11. I thought I had written a test for this, but I see now that all my requests in cors.t has "Origin" in the header. I've now added more tests and fixed the issue:

https://github.com/jhthorsen/mojolicious-plugin-openapi/blob/5729e1b068845ce10553e2cdb361fe508f8cc76f/t/cors.t#L88