Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Fix missing CORS headers on OPTION responses (#7560)
Browse files Browse the repository at this point in the history 
Broke in #7534.
  • Loading branch information
@erikjohnston
erikjohnston authored May 22, 2020
1 parent e5c67d0 commit 2901f54
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 1 deletion.
1 change: 1 addition & 0 deletions changelog.d/7560.misc
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
All endpoints now respond with a 200 OK for `OPTIONS` requests.
2 changes: 1 addition & 1 deletion synapse/http/server.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -452,7 +452,7 @@ def render_OPTIONS(self, request):
code, response_json_object = _options_handler(request)

return respond_with_json(
request, code, response_json_object, send_cors=False, canonical_json=False,
request, code, response_json_object, send_cors=True, canonical_json=False,
)

def getChildWithDefault(self, path, request):
Expand Down
28 changes: 28 additions & 0 deletions tests/test_server.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,12 +203,40 @@ def test_unknown_options_request(self):
self.assertEqual(channel.result["code"], b"200")
self.assertEqual(channel.result["body"], b"{}")

# Ensure the correct CORS headers have been added
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Origin"),
"has CORS Origin header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Methods"),
"has CORS Methods header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Headers"),
"has CORS Headers header",
)

def test_known_options_request(self):
"""An OPTIONS requests to an known URL still returns 200 OK."""
channel = self._make_request(b"OPTIONS", b"/res/")
self.assertEqual(channel.result["code"], b"200")
self.assertEqual(channel.result["body"], b"{}")

# Ensure the correct CORS headers have been added
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Origin"),
"has CORS Origin header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Methods"),
"has CORS Methods header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Headers"),
"has CORS Headers header",
)

def test_unknown_request(self):
"""A non-OPTIONS request to an unknown URL should 404."""
channel = self._make_request(b"GET", b"/foo/")
Expand Down

0 comments on commit 2901f54

Please sign in to comment.