Fix missing CORS headers on OPTION responses (#7560)

Broke in #7534.
This commit is contained in:
Erik Johnston 2020-05-22 17:42:39 +01:00 committed by GitHub
parent e5c67d04db
commit 2901f54359
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 1 deletions

1
changelog.d/7560.misc Normal file
View File

@ -0,0 +1 @@
All endpoints now respond with a 200 OK for `OPTIONS` requests.

View File

@ -452,7 +452,7 @@ class OptionsResource(resource.Resource):
code, response_json_object = _options_handler(request) code, response_json_object = _options_handler(request)
return respond_with_json( return respond_with_json(
request, code, response_json_object, send_cors=False, canonical_json=False, request, code, response_json_object, send_cors=True, canonical_json=False,
) )
def getChildWithDefault(self, path, request): def getChildWithDefault(self, path, request):

View File

@ -203,12 +203,40 @@ class OptionsResourceTests(unittest.TestCase):
self.assertEqual(channel.result["code"], b"200") self.assertEqual(channel.result["code"], b"200")
self.assertEqual(channel.result["body"], b"{}") self.assertEqual(channel.result["body"], b"{}")
# Ensure the correct CORS headers have been added
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Origin"),
"has CORS Origin header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Methods"),
"has CORS Methods header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Headers"),
"has CORS Headers header",
)
def test_known_options_request(self): def test_known_options_request(self):
"""An OPTIONS requests to an known URL still returns 200 OK.""" """An OPTIONS requests to an known URL still returns 200 OK."""
channel = self._make_request(b"OPTIONS", b"/res/") channel = self._make_request(b"OPTIONS", b"/res/")
self.assertEqual(channel.result["code"], b"200") self.assertEqual(channel.result["code"], b"200")
self.assertEqual(channel.result["body"], b"{}") self.assertEqual(channel.result["body"], b"{}")
# Ensure the correct CORS headers have been added
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Origin"),
"has CORS Origin header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Methods"),
"has CORS Methods header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Headers"),
"has CORS Headers header",
)
def test_unknown_request(self): def test_unknown_request(self):
"""A non-OPTIONS request to an unknown URL should 404.""" """A non-OPTIONS request to an unknown URL should 404."""
channel = self._make_request(b"GET", b"/foo/") channel = self._make_request(b"GET", b"/foo/")