Any ideas why I don’t see the correct response header for the CORS preflight request?
The issue only happens in the production environment, which uses the Caddy server. Also, I don’t use Caddy’s cors plugin, but maybe I should?
Details about the request, response, and Caddy config:
Caddy version: 0.10.3
From the Chrome ‘network’ tab:
general:
Request URL:https://api.healthcobot.com/adminlogin
Request Method:OPTIONS
Status Code:502
Remote Address:188.166.177.168:443
Referrer Policy:no-referrer-when-downgrade
request headers:
:authority:api.healthcobot.com
:method:OPTIONS
:path:/adminlogin
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, sdch, br
accept-language:en-US,en;q=0.8
access-control-request-headers:content-type
access-control-request-method:POST
dnt:1
origin:https://admin.healthcobot.com
referer:https://admin.healthcobot.com/login
response:
content-length:16
content-type:text/plain; charset=utf-8
date:Mon, 05 Jun 2017 06:01:40 GMT
server:Caddy
status:502
x-content-type-options:nosniff
Caddy access log:
"OPTIONS /adminlogin HTTP/2.0" 502 16
Caddy’s configuration file:
healthcobot.com, www.healthcobot.com {
    root /home/deploy/projects/home
}
doctor.healthcobot.com {
    root /home/deploy/projects/doctor
}
member.healthcobot.com {
    gzip
    root /home/deploy/projects/member
}
lab.healthcobot.com {
    root /home/deploy/projects/lab
}
admin.healthcobot.com {
    root /home/deploy/projects/admin
}
api.healthcobot.com {
    proxy / localhost:3000 {
        transparent
    }
    log ./access.log
}
And just in case it matters, here is the relevant code on my server:
import "net/http"

// origins that are allowed to call the API
var allowedOrigins = map[string]bool{
    "https://admin.healthcobot.com":  true,
    "https://member.healthcobot.com": true,
    "https://doctor.healthcobot.com": true,
    "http://localhost:8080":          true,
}

// support cors by sending specific headers
// and if the request is OPTIONS send 200 right away
func corsMiddleware(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // Access-Control-Allow-Origin carries a single origin and repeated
        // Set calls overwrite each other, so echo the request's Origin only
        // when it is on the allow list.
        if origin := r.Header.Get("Origin"); allowedOrigins[origin] {
            w.Header().Set("Access-Control-Allow-Origin", origin)
            w.Header().Add("Vary", "Origin")
        }
        w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS")
        // header name without a trailing colon, which is not a valid field name
        w.Header().Set("Access-Control-Allow-Headers", "Origin, Content-Type, X-Auth-Token, Authorization")
        w.Header().Set("Content-Type", "application/json")
        if r.Method == "OPTIONS" {
            return
        }
        next.ServeHTTP(w, r)
    })
}
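
As an added example that is not part of the original post, the Go sketch below applies a simplified version of the browser's preflight checks to the response captured above. `listHas`, `checkPreflight` and `pagePreflight` are hypothetical names, and the rules for credentialed requests are not modelled.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// listHas reports whether a comma-separated header value lists want or "*".
func listHas(list, want string) bool {
	for _, item := range strings.Split(list, ",") {
		if item = strings.TrimSpace(item); item == "*" || strings.EqualFold(item, want) {
			return true
		}
	}
	return false
}

// checkPreflight returns the reasons a browser would reject a preflight
// response (simplified); an empty result means the preflight passes.
func checkPreflight(status int, resp http.Header, origin, method string, reqHeaders []string) []string {
	var problems []string
	if status < 200 || status > 299 {
		problems = append(problems, fmt.Sprintf("status %d is not 2xx", status))
	}
	if acao := resp.Get("Access-Control-Allow-Origin"); acao != origin && acao != "*" {
		problems = append(problems, fmt.Sprintf("Access-Control-Allow-Origin is %q, want %q", acao, origin))
	}
	safelisted := method == "GET" || method == "HEAD" || method == "POST"
	if !safelisted && !listHas(resp.Get("Access-Control-Allow-Methods"), method) {
		problems = append(problems, "method not allowed: "+method)
	}
	for _, h := range reqHeaders {
		if !listHas(resp.Get("Access-Control-Allow-Headers"), h) {
			problems = append(problems, "header not allowed: "+h)
		}
	}
	return problems
}

// pagePreflight replays the 502 response from the post (headers copied from the capture).
func pagePreflight() []string {
	resp := http.Header{"Content-Type": {"text/plain; charset=utf-8"}, "Server": {"Caddy"}}
	return checkPreflight(502, resp, "https://admin.healthcobot.com", "POST", []string{"content-type"})
}

func main() {
	fmt.Println(strings.Join(pagePreflight(), "\n"))
}
```

On the captured response the first finding is the non-2xx status, which fails the preflight on its own, and the response also carries none of the `Access-Control-*` headers.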