Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add HEAD to CORS ALL_METHODS list #3

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add HEAD to CORS ALL_METHODS list #3

wants to merge 4 commits into from

Conversation

jcwilson
Copy link
Owner

@jcwilson jcwilson commented Nov 26, 2020
edited
Loading

The HEAD method is conspicuously absent from the allowed methods list when allow_methods="*" is used.
This doesn't really affect CORS preflight requests, as HEAD requests aren't preflighted from the browser, but it
does prevent the actual cross-origin HEAD response from being read by the calling app.
This can catch people off-guard.

This PR simply adds HEAD to the ALL_METHODS list in the CORS middleware module and includes some
additional tests to validate the new behavior.

Add HEAD to CORS ALL_METHODS list
584c715 
The HEAD method is conspicuously absent from the allowed methods list when `allow_methods="*"` is
used. This doesn't really affect CORS preflight requests, as HEAD requests aren't preflighted by the
browser, but it does prevent the actual cross-origin HEAD response from being read by the calling
app.
[This can catch people off-guard.](https://discuss.encode.io/t/for-cors-middleware-why-is-head-not-included-in-all-methods/939)

This simply adds HEAD to the `ALL_METHODS` list in the CORS middleware module and includes some
additional tests to validate the new behavior.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@jcwilson @JayH5