It looks like Edge browser sends all headers in camel case (or in the same form as client sends them to the API, I didn't test this option). When client sends Content-Type header it works differently for Edge and other browsers. Edge sends Content-Type, other browsers sends content-type. All headers from allow_headers_list are changed to lowercase so if Edge sends Content-Type then _process_allow_headers method returns False. In my case I can't use API on Edge (it works on IE).
The idea is to change header to lowercase only to check if it exists in self._cors_config['allow_headers_list'] and return not modified header.
It looks like Edge browser sends all headers in camel case (or in the same form as client sends them to the API, I didn't test this option). When client sends
Content-Type
header it works differently for Edge and other browsers. Edge sendsContent-Type
, other browsers sendscontent-type
. All headers fromallow_headers_list
are changed to lowercase so if Edge sendsContent-Type
then_process_allow_headers
method returns False. In my case I can't use API on Edge (it works on IE).The idea is to change header to lowercase only to check if it exists in
self._cors_config['allow_headers_list']
and return not modified header.