not allowed? requests return nil

[shmish111]

If a request isn't allowed? then nil is returned as a response. There should be something better (although not sure what response exactly, perhaps just a 403)

[pesterhazy]

Same problem here: nil is not a valid return value, it triggers an NPE:

java.lang.NullPointerException: Ring handler returned nil

[gbuisson]

I think the correct behavior, instead of returning nil should be to return the original result of the handler (without adding CORS headers). This way it would trigger the CORS error on the browser and improve feedback.

On a project I'm working on, it returned nil thus triggering a 404 without any other hint, it took me some time to figure out it was due to an issue with this middleware.