Sending request to 'root' api route doesn't return CORS related headers

[tylermichael]

I'm referring to this API call: https://github.com/justintv/Twitch-API/blob/master/v3_resources/root.md

I'm using axios, and it preflights requests going out. This API endpoint isn't exhibiting the same behavior the rest of the routes are.

When I make an OPTIONS request to https://api.twitch.tv/kraken/user, it returns the headers

Access-Control-Allow-Headers:accept, authorization, client-id
Access-Control-Allow-Methods:GET
Access-Control-Allow-Origin:*

Axios then says, ok, my preflight checks have passed, continue with the request.

Sending the same request to the root url fails those checks as it doesn't return any of the headers above.

Is this by design? Am I just missing something?

[3ventic]

OPTIONS to the root endpoint seems to return 400 bad request and an html document(?)

[tylermichael]

Yup, I'm getting the 400 status and the HTML as well. It appears as though it's returning the HTML for the homepage.

curl -v 'https://api.twitch.tv/kraken' \
-X OPTIONS \
-H 'Access-Control-Request-Method: GET' \
-H 'Access-Control-Request-Headers:accept, authorization, client-id' \
-H 'Origin: http://0.0.0.0:3000'