Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: handle CORS pre-flight requests correctly #3052

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions cabal.project
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,7 @@ packages: postgrest.cabal
tests: true
package *
ghc-options: -split-sections
source-repository-package
type: git
location: https://github.com/laurenceisla/wai-cors.git
tag: e2da0d7a3e56592a5f4b35fd3aa6ccd3175525cc
Comment on lines +5 to +8
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a temporary fork, ideally this would be merged upstream and it should fix allowing using OPTIONS with the Origin header without returning errors.

9 changes: 9 additions & 0 deletions nix/overlays/haskell-packages.nix
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,15 @@ let
{ }
);

wai-cors = lib.dontCheck (
prev.callCabal2nixWithOptions "wai-cors" (super.fetchFromGitHub {
owner = "laurenceisla";
repo = "wai-cors";
rev = "e2da0d7a3e56592a5f4b35fd3aa6ccd3175525cc";
sha256 = "sha256-lTzFiH7c7ZpR+hg6jJXvPKM2DtwMs8gdjdk68GTmtaQ=";
}) "--subpath=." {}
);

};
in
{
Expand Down
2 changes: 1 addition & 1 deletion src/PostgREST/Cors.hs
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ corsPolicy corsAllowedOrigins req = case lookup "origin" headers of
, Wai.corsMaxAge = Just $ 60*60*24
, Wai.corsVaryOrigin = False
, Wai.corsRequireOrigin = False
, Wai.corsIgnoreFailures = True
, Wai.corsIgnoreFailures = False
}
Nothing -> Nothing
where
Expand Down
3 changes: 1 addition & 2 deletions src/PostgREST/Response.hs
Original file line number Diff line number Diff line change
Expand Up @@ -251,8 +251,7 @@ actionResponse (NoDbResult SchemaInfoPlan) _ _ _ _ _ _ = respondInfo "OPTIONS,GE

respondInfo :: ByteString -> Either Error.Error PgrstResponse
respondInfo allowHeader =
let allOrigins = ("Access-Control-Allow-Origin", "*") in
Right $ PgrstResponse HTTP.status200 [allOrigins, (HTTP.hAllow, allowHeader)] mempty
Right $ PgrstResponse HTTP.status200 [(HTTP.hAllow, allowHeader)] mempty

-- Status and headers can be overridden as per https://postgrest.org/en/stable/references/transactions.html#response-headers
overrideStatusHeaders :: Maybe Text -> Maybe BS.ByteString -> HTTP.Status -> [HTTP.Header]-> Either Error.Error (HTTP.Status, [HTTP.Header])
Expand Down
2 changes: 2 additions & 0 deletions stack.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,5 @@ extra-deps:
- fuzzyset-0.2.4
- hasql-notifications-0.2.2.0
- hasql-pool-1.0.1
- git: https://github.com/laurenceisla/wai-cors.git
commit: e2da0d7a3e56592a5f4b35fd3aa6ccd3175525cc
Loading