CORS: preflight_response: cookie is not used here

[blueyed]

Ref: #510 (comment)

It gets only called for "OPTIONS", but strictly speaking we should maybe check that there is no cookie before?! https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests

[steinnes]

I'm not an expert on how the standards bodies expect OPTIONS preflight requests and responses to behave, but it does seem that they should not contain (or set) cookies. From the perspective of "be liberal in what you accept, but strict in what you send" (not sure if that's the verbatim quote) I'd say this is fine?

[lovelydinosaur]

Sorry - I don't understand the question.
There's an unused variable here, so we ought to remove it right?
Any idea how it's been left dangling in the first place?

[blueyed]

There's an unused variable here, so we ought to remove it right?

Yes.

Any idea how it's been left dangling in the first place?

Have not checked - but that's the question mainly: is it required to handle/check cookies there?

[Dustyposa]

@blueyed Have solved this problem?

app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_headers=["*"],
    allow_methods=["*"],
)

I used this config, but still can only recevie OPTION request.
With from front's request still had Cross-domain problem