Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

preflight 404 on prefixed index routes in nested/scopted cors setups #281

Closed
2 tasks done
GlenTiki opened this issue Dec 8, 2023 · 0 comments · Fixed by #285
Closed
2 tasks done

preflight 404 on prefixed index routes in nested/scopted cors setups #281

GlenTiki opened this issue Dec 8, 2023 · 0 comments · Fixed by #285

Comments

@GlenTiki
Copy link

GlenTiki commented Dec 8, 2023

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.x

Plugin version

8.4.2

Node.js version

16.X

Operating system

macOS

Operating system version (i.e. 20.04, 11.3, 10)

13.5

Description

Preflight request routing is currently broken for index routes in prefixed plugins with scoped cors routes.

I have a setup right now where I instantiate CORS within scoped route plugins - think differing cors rules for /public and /private.

Within each of these plugins, I setup my cors plugin, and have an index route - so within the /public plugin I add a / route.

However, this index route has no preflight support because the options route added by fastify-cors is scoped to /* (previously, this was just *, but that broke some other setups)

A possible workaround would be to register another options handler on /.

Steps to Reproduce

Repro: https://github.com/GlenTiki/fastify-cors-bug

const Fastify = require("fastify");
const cors = require("@fastify/cors");

const server = Fastify();

const prefixPlugin = async (app) => {
  app.register(cors);
 
  app.get("/", async (request, reply) => {
    return { hello: "world" };
  });
}
server.register(prefixPlugin, {prefix: "/example"});

const assert = require("assert");

async function runTest() {
  await server.ready();
  console.log(server.printRoutes())

  const res = await server.inject({
    url: "/example",
    method: "OPTIONS",
    headers: {
      Accept: "*/*",
      "Accept-Encoding": "gzip, deflate, br",
      "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
      "Access-Control-Request-Headers": "content-type",
      "Access-Control-Request-Method": "POST",
      "Cache-Control": "no-cache",
      Connection: "keep-alive",
      Host: "localhost:3001",
      Origin: "http://localhost:8080",
      Pragma: "no-cache",
      Referer: "http://localhost:8080/",
      "Sec-Fetch-Dest": "empty",
      "Sec-Fetch-Mode": "cors",
      "Sec-Fetch-Site": "same-site",
      "User-Agent":
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0",
    },
  });

  console.log(res.statusCode);
  console.log(res.headers);

  // works with "@fastify/cors": "8.4.1"
  // broken with "@fastify/cors": "8.4.2"
  assert(res.statusCode === 204)
}

runTest();

Expected Behavior

Preflight requests should not 404 on the index route.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@GlenTiki