Handle OPTIONS pre-flight requests

[sofianegargouri]

Checklist

• [x] Upgrade Jets: Are you using the latest version of Jets? This allows Jets to fix issues fast. There's a jets upgrade command that makes this a simple task. There's also an Upgrading Guide: http://rubyonjets.com/docs/upgrading/
• [x] Reproducibility: Are you reporting a bug others will be able to reproduce and not asking a question. If you're unsure or want to ask a question, do so on https://community.rubyonjets.com
• [ ] Code sample: Have you put together a code sample to reproduce the issue and make it available? Code samples help speed up fixes dramatically. If it's an easily reproducible issue, then code samples are not needed. If you're unsure, please include a code sample.

My Environment

Software	Version
Operating System	MacOS Mojave 10.14.4
Jets	1.8.9
Ruby	2.5.3

---

Expected Behaviour

OPTIONS requests are supposed to return a 200 HTTP Status with the access-control-allow-origin header set

Current Behavior

Returns a 404 error

Step-by-step reproduction instructions

Just setup any route and call it from a JS script in a browser (Postman won't trigger the error)

Code Sample

When running an HTTP request to a Jets app from another app (with CORS), OPTIONS requests are not handled and always return a 404 error.

Solution Suggestion

[ChrisBr]

I tried it with jets-2.1.1 in chrome and it works fine for me.

Test

HTML file I used for testing:

<html>
  <script>
    function httpGet(theUrl)
    {
      var xmlHttp = new XMLHttpRequest();
      xmlHttp.open( "GET", theUrl, false ); // false for synchronous request
      xmlHttp.setRequestHeader("X-Amz-Date", "CORS");
      xmlHttp.send( null );

      return xmlHttp.responseText;
    }
    var res = httpGet("http://localhost:8888");
    console.log(res);
  </script>
</html>

Jets configuration:

Jets.application.configure do
  config.cors = true
end

Caveats

• A custom header needs to get set to trigger a pre flight request (https://stackoverflow.com/a/8572637)
• Default allowed headers are: access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent

@sofianegargouri can you please verify so that we can close the issue. Thanks 🙏

[tongueroo]

Closing until there are more details. Thanks!