Fix forwarding non-ok Options request (#15)

cash-track · Apr 7, 2024 · 29fafe6 · 29fafe6
2 parents 4c037ee + af4c54b
commit 29fafe6
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 0 deletions.
diff --git a/captcha/google_recaptcha.go b/captcha/google_recaptcha.go
@@ -52,6 +52,10 @@ func (p *GoogleReCaptchaProvider) Verify(ctx *fasthttp.RequestCtx) (bool, error)
 		return true, nil
 	}
 
+	if string(ctx.Request.Header.Method()) == fasthttp.MethodOptions {
+		return true, nil
+	}
+
 	challenge := ctx.Request.Header.Peek(headers.XCtCaptchaChallenge)
 	if challenge == nil || string(challenge) == "" {
 		log.Printf("[%s] captcha challenge empty", clientIp)

diff --git a/captcha/google_recaptcha_test.go b/captcha/google_recaptcha_test.go
@@ -102,6 +102,27 @@ func TestVerifyEmptySecret(t *testing.T) {
 	assert.NoError(t, err)
 }
 
+func TestVerifyOptions(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	c := mocks.NewHttpClientMock(ctrl)
+
+	ctx := fasthttp.RequestCtx{}
+	ctx.SetRemoteAddr(&net.TCPAddr{IP: []byte{0xA, 0x0, 0x0, 0x1}})
+	ctx.Request.Header.SetMethod(fasthttp.MethodOptions)
+	ctx.Request.Header.Set(headers.XCtCaptchaChallenge, "captcha_challenge_2")
+
+	c.EXPECT().WithReadTimeout(gomock.Eq(googleApiReadTimeout))
+	c.EXPECT().WithWriteTimeout(gomock.Eq(googleApiWriteTimeout))
+
+	p := NewGoogleReCaptchaProvider(c, config.Config{
+		CaptchaSecret: "captcha_secret_1",
+	})
+	state, err := p.Verify(&ctx)
+
+	assert.True(t, state)
+	assert.NoError(t, err)
+}
+
 func TestVerifyEmptyChallenge(t *testing.T) {
 	ctrl := gomock.NewController(t)
 	c := mocks.NewHttpClientMock(ctrl)

diff --git a/headers/cors.go b/headers/cors.go
@@ -71,4 +71,8 @@ func writeCorsAllowedHeaders(ctx *fasthttp.RequestCtx) {
 	ctx.Response.Header.Set(AccessControlAllowMethods, strings.Join(CorsAllowedMethods, ","))
 	ctx.Response.Header.Set(AccessControlAllowHeaders, strings.Join(CorsAllowedHeaders, ","))
 	ctx.Response.Header.Set(AccessControlAllowCredentials, "true")
+
+	if string(ctx.Request.Header.Method()) == fasthttp.MethodOptions {
+		ctx.Response.Header.SetStatusCode(fasthttp.StatusOK)
+	}
 }
diff --git a/headers/cors_test.go b/headers/cors_test.go
@@ -27,6 +27,18 @@ func TestCorsHandler(t *testing.T) {
 		assert.Equal(t, "test.com", string(ctx.Response.Header.Peek(AccessControlAllowOrigin)))
 	})
 
+	t.Run("AllowOptionsStatusAlwaysOk", func(t *testing.T) {
+		ctx := fasthttp.RequestCtx{}
+		ctx.Request.Header.SetMethod(fasthttp.MethodOptions)
+		ctx.Request.Header.Set(Origin, "Test.Com")
+		ctx.Request.Header.Set(XForwardedFor, "127.0.0.1")
+
+		handler := CorsHandler(func(ctx *fasthttp.RequestCtx) {})
+		handler(&ctx)
+
+		assert.Equal(t, fasthttp.StatusOK, ctx.Response.StatusCode())
+	})
+
 	t.Run("RejectIgnorePath", func(t *testing.T) {
 		ctx := fasthttp.RequestCtx{}
 		ctx.Request.Header.Set(Origin, "a.Test.Com")