Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access-Control-Request-Method error handling #1317

Closed
mnot opened this issue Oct 4, 2021 · 2 comments
Closed

Access-Control-Request-Method error handling #1317

mnot opened this issue Oct 4, 2021 · 2 comments
Labels
topic: cors

Comments

@mnot
Copy link
Member

mnot commented Oct 4, 2021

In the latest HTTP Archive dump (September, desktop), ACRM appears in 346,135 responses (out of more than 528 million).

30,680 of them (8.142%) don't parse well. AFAICT that's overwhelming because people list multiple methods; e.g.,

GET,HEAD
GET, POST , OPTIONS ,PUT, DELETE, PATCH
OPTIONS,GET,POST
POST, OPTIONS

and so forth.

The spec text regarding parsing this header is pretty thin, AFAICT.
@annevk
Copy link
Member

annevk commented Oct 4, 2021

Do you mean Access-Control-Allow-Methods? Why would you put ACRM on a response? It would get ignored.

https://fetch.spec.whatwg.org/#http-new-header-syntax has the expected syntax. Improving upon that (by defining parsers similar to what is done for Content-Type and such) is tracked in #814.

@mnot
Copy link
Member Author

mnot commented Oct 4, 2021

Ah - I'm just seeing a bunch of folks adding the wrong header to responses :) Never mind.

@mnot mnot closed this as completed Oct 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic: cors
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mnot @annevk