Github user eiri commented on a diff in the pull request:
https://github.com/apache/couchdb-chttpd/pull/101#discussion_r53009242
--- Diff: src/chttpd_cors.erl ---
@@ -159,17 +159,24 @@ handle_preflight_request(Req, Config, Origin) ->
headers(Req, RequestHeaders) ->
- case get_origin(Req) of
- undefined ->
- %% If the Origin header is not present terminate
- %% this set of steps. The request is outside the scope
- %% of this specification.
- %% http://www.w3.org/TR/cors/#resource-processing-model
- RequestHeaders;
- Origin ->
- headers(Req, RequestHeaders, Origin, get_cors_config(Req))
+ case is_preflight_response(RequestHeaders) of
+ false ->
+ case get_origin(Req) of
+ undefined ->
+ %% If the Origin header is not present terminate
+ %% this set of steps. The request is outside the scope
+ %% of this specification.
+ %% http://www.w3.org/TR/cors/#resource-processing-model
+ RequestHeaders;
+ Origin ->
+ headers(Req, RequestHeaders, Origin,
get_cors_config(Req))
+ end;
+ true ->
+ RequestHeaders
end.
+is_preflight_response(Headers) ->
+ lists:keymember("Access-Control-Allow-Origin", 1, Headers).
--- End diff --
Not sure, but does mochi autocapitalize headers? Otherwise we destine to
throw false negative for the clients passing a low case headers.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
