I don't see the correct headers in the response of a CORS pre-flight request

oren · June 5, 2017, 6:58am

Any ideas why I don’t see the correct response header for CORS preflight request?
The issue only happens on production environment that uses Caddy server. Also, I don’t use the Caddy’s cors plugin but maybe I should?

Details about the request, response, and Caddy config:

Caddy version: 0.10.3

From the chrome ‘network’ tab:

general:

    Request URL:https://api.healthcobot.com/adminlogin
    Request Method:OPTIONS
    Status Code:502
    Remote Address:188.166.177.168:443
    Referrer Policy:no-referrer-when-downgrade

request headers:

    :authority:api.healthcobot.com
    :method:OPTIONS
    :path:/adminlogin
    :scheme:https
    accept:*/*
    accept-encoding:gzip, deflate, sdch, br
    accept-language:en-US,en;q=0.8
    access-control-request-headers:content-type
    access-control-request-method:POST
    dnt:1
    origin:https://admin.healthcobot.com
    referer:https://admin.healthcobot.com/login

response:

    content-length:16
    content-type:text/plain; charset=utf-8
    date:Mon, 05 Jun 2017 06:01:40 GMT
    server:Caddy
    status:502
    x-content-type-options:nosniff

Caddy access log:

  "OPTIONS /adminlogin HTTP/2.0" 502 16

Caddy’s configuration file:

  healthcobot.com, www.healthcobot.com {
      root /home/deploy/projects/home
  }

  doctor.healthcobot.com {
      root /home/deploy/projects/doctor
  }

  member.healthcobot.com {
      gzip
      root /home/deploy/projects/member
  }

  lab.healthcobot.com {
      root /home/deploy/projects/lab
  }

  admin.healthcobot.com {
      root /home/deploy/projects/admin
  }

  api.healthcobot.com {
    proxy / localhost:3000 {
      transparent
    }

    log ./access.log
  }

And just in case it matters, here is the revelant code on my server:

// support cors by sending specific headers
// and if the request is OPTIONS send 200 right away
func corsMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "https://admin.healthcobot.com")
		w.Header().Set("Access-Control-Allow-Origin", "https://member.healthcobot.com")
		w.Header().Set("Access-Control-Allow-Origin", "https://doctor.healthcobot.com")
		w.Header().Set("Access-Control-Allow-Origin", "http://localhost:8080")
		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS")
		w.Header().Set("Access-Control-Allow-Headers:", "Origin, Content-Type, X-Auth-Token, Authorization")
		w.Header().Set("Content-Type", "application/json")

		if r.Method == "OPTIONS" {
			return
		}

		next.ServeHTTP(w, r)
	})
}

oren · June 7, 2017, 3:15am

What is going on here? I don’t want to delete my post.

matt · June 7, 2017, 4:42am

Looks like Guilherme posted a reply then deleted it. ¯\_(ツ)_/¯

oren · June 7, 2017, 6:31am

I found out the issue. 502 means that Caddy was unable to reach my Go server. My server was running on port 3001 and not 3000. Changing it in Caddyfile solved this issue.

system · September 5, 2017, 6:31am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.