feat: dispatch OPTIONS requests #10011
Conversation
Add micronaut.server.dispatch-options-requests configuration setting which by default is false
|
@yawkat @graemerocher @dstepanov let me know if you agree with this PR and I will add more docs. |
| if (request.getMethod() != HttpMethod.OPTIONS) { | ||
| return null; // proceed | ||
| } | ||
| if (CorsUtil.isPreflightRequest(request)) { |
There was a problem hiding this comment.
It might be better to run the CORS filter first instead of this check.
There was a problem hiding this comment.
I have added a commit to ensure the CorsFilter happens before the Optionsfilter. However, I think it is more correct to leave this if check in place.
|
this essentially hijacks all our options processing? that seems wrong |
|
also 200 is better here, cant actually say what content length will be returned by GET |
what "Option processing" are we currently doing? |
if the response has no content as in this PR, I think a 204 is more correct. |
|
i mixed up HEAD and OPTIONS, both my points don't apply to OPTIONS. |
|
@sdelamo Jonas is right, what if somebody defines the OPTIONS methods manually? How do we handle the same scenario with HEAD? |
Do you mean if someone annotates a controller method with I can modify the filter and check for a route match, and if there is a route match, proceed. I assume a route match will happen when you have a @controller method annotated with |
|
Sound good, please test the HEAD use case as well |
Please, note this filter proceeds if the request methods is other than option |
http-server/src/main/java/io/micronaut/http/server/OptionsFilter.java
Outdated
Show resolved
Hide resolved
http-server/src/main/java/io/micronaut/http/server/OptionsFilter.java
Outdated
Show resolved
Hide resolved
http-server/src/main/java/io/micronaut/http/server/OptionsFilter.java
Outdated
Show resolved
Hide resolved
http-server/src/main/java/io/micronaut/http/server/cors/CorsUtil.java
Outdated
Show resolved
Hide resolved
http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java
Show resolved
Hide resolved
http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java
Show resolved
Hide resolved
@dstepanov I added it here 2f54ebe |
| ---- | ||
| micronaut: | ||
| server: | ||
| dispatch-options-requests: true |
There was a problem hiding this comment.
this should be under CorsConfigration
There was a problem hiding this comment.
That's doesn't need to related to CORS, Spring MVC has it the sam way
There was a problem hiding this comment.
This is not related to CORS or necessary for CORS.
http-server/src/main/java/io/micronaut/http/server/OptionsFilter.java
Outdated
Show resolved
Hide resolved
http-server/src/main/java/io/micronaut/http/server/HttpServerConfiguration.java
Outdated
Show resolved
Hide resolved
…onfiguration.java Co-authored-by: Jonas Konrad <[email protected]>
|
Kudos, SonarCloud Quality Gate passed! |
It adds
micronaut.server.dispatch-options-requestsconfiguration setting which by default isfalse. If set totrue, an OPTION request, unless it is a CORS Preflight request, returns 204 and the Allow HTTP Header populated.Spring Boot 3.1. by default sets
spring.mvc.dispatch-options-requesttotrueand it behaves the same way as we will in this PR. Spring Boot returns 200, I returned 204 which I think it is more correct.