My scenario is that the preflight OPTIONS request is occurring on a HTTP DELETE request.
In this scenario, only the Access-Control-Request-Method: DELETE header is specified, and not Access-Control-Allow-Headers. As a result, line 117 would set this header to null value.
This PR proposes to safeguard this logic to only set this header when required.
Seldaek
commented
7 years ago
My scenario is that the preflight OPTIONS request is occurring on a HTTP DELETE request.
In this scenario, only the
Access-Control-Request-Method: DELETEheader is specified, and notAccess-Control-Allow-Headers. As a result, line 117 would set this header to null value.This PR proposes to safeguard this logic to only set this header when required.