Add support for OPTIONS request to HttpTransport

[joschi]

Description

The HttpTransport handler (used by the GELF HTTP input) currently doesn't support HTTP OPTIONS requests which are required for proper CORS handling (preflight requests).

This PR adds support for the OPTIONS HTTP request method.

Fixes #3232

Motivation and Context

If web applications want to log messages to Graylog, the user's web browser will send preflight requests to the GELF HTTP input. If these preflight requests fail, the web browser will refuse to send anything to that URI.

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist:

• My code follows the code style of this project.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[bernd]

While this fixes the 405 response, I am getting the following error when testing it from the browser with a correct Content-Type header.

XMLHttpRequest cannot load http://devd.io:12202/gelf. Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.

It works when I add the Content-Type header to the allowed headers in HttpTransport.

If the allowed headers setting is mandatory for CORS, we should probably make it configurable for the user.

This is my test script: https://gist.github.com/bernd/a302402349bf8daaf88a98d5c1b5f5d1

[joschi]

If the allowed headers setting is mandatory for CORS, we should probably make it configurable for the user.

I disagree here. We should allow the absolute minimum of required headers (which seem to be Authorization and Content-Type) and not more – at least in the context of this PR.

We can still make the list of allowed headers configurable in a specific feature request.