Issue with webhook agent

[sairamlella]

Currently we are using docker build for Huginn installation.

Issue is with webhook agent, we are trying to post a call but before post browser is trying to verify using Options request, I set this Options request using verb and also using access-control-allow-methods but still we are seeing 404 error for this.

Request Method: OPTIONS
Status Code: 404

Any help is appreciated.

[dsander]

Web requests made by Huginn do not need to obey the CORS rules which are required by web browsers. You should be able to send the POST/PUT request directly. A 404 response suggests that there is something wrong with the URL you are requesting.

[troya2]

While it's certainly true that Huginn does not need to obey the CORS rules, by not supporting CORS, it opens up an attack vector for the APIs implemented by Huginn users. The WebhookAgent is not aware of OPTIONS requests, so there isn't really an out of the box way that I can think of to support CORS at the moment. Ideally, the WebhookAgent could be updated with a new key, say access_control_allow_origin and to respond to the OPTIONS request based on that. Or, to be even more robust, it could leverage something like rack-cors and hook into its functionality, allowing multiple origins.