-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OPTIONS not working in cowboy_rest #1600
Comments
Probably not. Please provide some code (options callback and/or how the response is sent) and error messages from curl -vvv. |
Here is the options callback: options(Req, State) ->
Req1 = utils:add_cors(Req,<<"GET, POST, OPTIONS">>),
io:format("Doing options (2): ~p~n",[Req1]),
{ok, Req1, State}. ( the io:format is there to see that the code is being called) here is the code for add_cors() add_cors(Req0, Methods) ->
Req1 = cowboy_req:set_resp_header(<<"Access-Control-Allow-Credentials">>, <<"true">>, Req0),
Req2 = cowboy_req:set_resp_header(<<"Access-Control-Request-Headers">>, <<"*">>, Req1),
Req3 = cowboy_req:set_resp_header(<<"Access-Control-Allow-Origin">>, <<"*">>, Req2),
Req4 = cowboy_req:set_resp_header(<<"Vary">>, <<"Origin, Accept-Encoding">>, Req3),
Req5 = cowboy_req:set_resp_header(<<"Access-Control-Allow-Methods">>, Methods, Req4),
cowboy_req:set_resp_header(<<"Access-Control-Max-Age">>, <<"20">>, Req5). These same CORS values work on C++ using the Poco framework. This is the result for running curl
Thanks for your help. |
The header names have to be given as lowercase. Cowboy doesn't lowercase them, it expects you to provide them already lowercase. Since it's using HTTP/2 and uppercase header names are forbidden in HTTP/2 that's probably the issue. |
Thanks @essen, changing the casing to lowercase has fixed the pre-flight. We are still seeing CORS issues but we've made progress. I was not aware of this lower-case HTTP/2 spec. I also see why our C++ framework worked: it only does HTTP1.1. So it all fits together neatly now. I really appreciate your help. |
We are seeing a problem with cowboy 2.9, erl 25, running
cowboy_rest
.When doing the
options
method, the client complains that the stream was not closed cleanly, and therefore does not complete, which generates pre-flight validation errors in the browser using the app. We are using TLS and these are real certs (not self-signed). The same certs are working on the same host in a C++ version of the code. We have implemented our own options callback, so we can addCORS
headers to the response. (we do the same in our C++ implementation).This code was working about 2,5 years ago with the version of cowboy at that time. We did not keep the exact version of cowboy a that time (just kept master).
We see the same problem if we use
curl
to generate theoptions
method.Are we missing some new options in
cowboy:start_tls
?The text was updated successfully, but these errors were encountered: