Open anseljh opened 6 years ago
I ran into the same issue, would love to get author's feedback on that.
I encountered this as well. The problem was I didn't specify which methods should pass their preflight (this is done with the allow_all_methods
or allow_methods_list
kwargs in the CORS
constructor). When the request method isn't allowed, the middleware aborts processing OPTIONS
before it even gets to inspecting the headers, as per the spec. Odd behavior though, as the response doesn't contain any telling signs of what went wrong.
Hello, I ran into a problem similar to #1 while sending a
POST
request to my Falcon API from an Angular web app.After Googling around a bit and finding this StackOverflow question, I realized the browser was first sending an
OPTIONS
request, and complaining about not getting anAccess-Control-Allow-Headers
header back.I had set
allow_all_headers=True
, but still the API was not returning theAccess-Control-Allow-Headers
header in response to theOPTIONS
request. I eventually fixed this by defining a newon_options
method on the resource, but this seems pretty clunky. Shouldn't that be the expected behavior when settingallow_all_headers=True
? Perhapsfalcon-cors
is not even seeing thatOPTIONS
request that precedes thePOST
request?Didn't work:
Did work: