Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
rest/request: skip empty strings in values of Access-Control-Request-…
…Headers WebKit browsers may send a preflight CORS request setting Access-Control-Request-Headers to an empty value, what is in turn interpreted as an empty string on Golang's http server side. An example scenario that triggers this behavior in Chrome is doing a xhr POST request and setting progress callback. Request headers reported by browser's developer tools are then the following: :authority:docker.mender.io:8080 :method:OPTIONS :path:/api/integrations/0.1/deployments/images :scheme:https accept:*/* accept-encoding:gzip, deflate, sdch, br accept-language:en-US,en;q=0.8,pl;q=0.6 access-control-request-headers: <--- empty value here access-control-request-method:POST dnt:1 origin:http://localhost:9999 referer:http://localhost:9999/test.html user-agent:Mozilla/5.0 (X11; Linux x86_64) ... It is unclear whether in such case, the client wants to send no headers in the actual request or just a bug in client's code. Since the original request is cured and repacked into CorsInfo it makes sense to skip Access-Control-Request-Headers values that are empty. Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
- Loading branch information