Fix CORS redirects in noms serve #3617
base: master
Are you sure you want to change the base?
Conversation
The httprouter was HTTP-redirecting paths like graphql to graphql/ which isn't CORS-compatible. This patch just hard-codes the trailing and non-trailing slash versions of each handler path.
@rafael-atticlabs ptal I looked at httprouter and I didn't see a better way of doing this. |
(adding the trailing / i.e. |
I think @arv is a better person to review. |
router.POST(strings.TrimSuffix(path, "/"), s.corsHandle(s.makeHandle(hndlr))) | ||
} | ||
} | ||
post(constants.BasePath, HandleBaseGet) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did HandleBaseGet change to POST?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops...
Maybe disable RedirectTrailingSlash instead? https://godoc.org/github.com/julienschmidt/httprouter#Router.RedirectTrailingSlash |
This patch does also disable RedirectTrailingSlash. But without adding it back manually, that would be backwards incompatible. |
Do we really want to support both? |
router.OPTIONS(constants.GraphQLPath, s.corsHandle(noopHandle)) | ||
// Note: we implement trailing trailing-slash removal ourselves because | ||
// httprouter doesn't handle the redirects properly with CORS. | ||
router := httprouter.Router{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This changes more things than RedirectTrailingSlash. Maybe use New and then set RedirectTrailingSlash instead
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I checked the options and having them all seems correct to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All false, I mean.
See https://github.com/julienschmidt/httprouter/blob/master/router.go#L170
- We don't want any of the Redirect options (they're all CORS incompatible).
- HandleMethodNotAllowed is weird
- HandleOPTIONS is irrelevant since we implement our own
Yes I believe so. |
The httprouter was HTTP-redirecting paths like graphql to graphql/ which
isn't CORS-compatible. This patch just hard-codes the trailing and
non-trailing slash versions of each handler path.