Lowercase PATCH verb sent in CORS preflight request result in a rejected method when the server responds with an uppercase PATCH allow-methods #26
Comments
|
@ane thanks for filing the issue, and for the detailed explanation. I will take a look at getting it fixed. |
|
Fixed with #30 |
|
This is resolved with version 0.4.2 |
2rist
pushed a commit
to 2rist/mappersmith
that referenced
this issue
Dec 18, 2017
E.g. see an issue and a fix in axios axios/axios#26 axios/axios#30
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
For cross-origin requests the browser usually sends a preflight OPTIONS request. This request usually asks "Can I use method POST for this resource?" among other questions, by specifying a
Access-Control-Request-Headers: POST.The server will then respond with
Access-Control-Allow-Methods: GET, POSTallowing the method.With axios, sending a patch request creates a
Access-Control-Request-Headers: patchrequest, and if the server responds withAccess-Control-Allow-Methods: PATCH, the created XmlHttpRequest does not send an uppercasePATCHverb, but sends a lowercase one, and the browser decides to disallow the request.This occurs only with PATCH. The reason for this is unclear, but on Chrome 39 on Firefox 33 it seems that all verbs are auto-corrected to uppercase with the exception of PATCH.
Why is this an issue? Because according to the spec, HTTP verbs are case-sensitive, and should be uppercase by default.
http://www.ietf.org/rfc/rfc2616.txt
Thus, the culprit is in fact both in axios and browsers: because browsers tend to uppercase the preflight verbs (but patch seems to be omitted, I have not tested other verbs), and axios sends a lowercase method parameter here.
I think the simplest fix would just be to set the line to
method: method.toUpperCase(). This fixed it for me.The text was updated successfully, but these errors were encountered: