OPTIONS verb not accepted by the API

[brunolm]

Describe the bug

Browsers, axios and maybe some other really popular packages implement requests following the standard that it will submit an OPTIONS request before submitting POST or other verbs. This is called Preflight Request.

However, Lotus doesn't seem to work with the Preflight Request.

To Reproduce

Steps to reproduce the behavior:

1. Create a node app with axios
2. Make a POST request to Filecoin.ClientMinerQueryOffer on http://127.0.0.1:1234/rpc/v0

import axios from 'axios'

const apiUrl = 'http://127.0.0.1:1234/rpc/v0'
const token = 'token'
const body = {
    jsonrpc: '2.0',
    method: 'Filecoin.ClientMinerQueryOffer',
    params: [miner, { '/': dataCid }, null],
    id: 0,
}

const callLotus = async (body) => {
  const { data } = await axios.post(apiUrl, body, {
    headers: {
      'Content-Type': 'application/json',
      Authorization: `Bearer ${token}`,
    },
  })

  return data
}

callLotus(body)

Expected behavior

The server to respond correctly with

{
  "id": 0,
  "jsonrpc": "2.0",
  "result": {
    "Err": "",
    "MinPrice": "8192",
    "Miner": "f0minerId",
    "MinerPeer": {
      "Address": "f0minerId",
      "ID": "12D[...]2NL",
      "PieceCID": null
    },
    "PaymentInterval": 1048576,
    "PaymentIntervalIncrease": 1048576,
    "Piece": null,
    "Root": {
      "/": "baf[...]qmq"
    },
    "Size": 4096,
    "UnsealPrice": "0"
  }
}

Version (run lotus version):

lotus version 1.1.2+git.d4cdc6d33.dirty

Additional context

Workaround

Have Caddy or Nginx handle the OPTIONS request

@options {
        method OPTIONS
}
handle @options {
        header Access-Control-Allow-Origin *
        header Access-Control-Allow-Headers *
        header Access-Control-Request-Method *
        header Access-Control-Allow-Credentials true
        respond 204
}

[arajasek]

Thanks for the request!

@magik6k Curious to know how valuable you think this would be?