Bug #11509
Updated by Tom Clegg over 7 years ago
h3. Background

The Workbench log viewer uses an ajax request to retrieve log data. It uses the POST method so it can include the api_token in the body. If the log is larger than the configured limit (@log_viewer_max_bytes@), it also adds a Range header.

h3. Problem

Range is not a "safe" header for CORS, so the browser performs a pre-flight OPTIONS request, to which keep-web responds 405, so the request fails.

h3. Solution

keep-web should respond to OPTIONS requests with 200 status and CORS headers:

* Access-Control-Allow-Origin: *
* Access-Control-Max-Age: 86400
* Access-Control-Allow-Headers: Range
* Access-Control-Allow-Methods: GET, POST POST, OPTIONS
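The pre-flight failure and the proposed response, as an added Go example that is not keep-web's own code: @legacy@, @withCORS@, @preflight@, the @/log.txt@ path and the @workbench.example@ origin are hypothetical names, and the Allow-Methods value is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// legacy stands in for the behaviour the issue reports: only GET and POST
// are served, so a pre-flight OPTIONS request gets 405.
var legacy = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet && r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	fmt.Fprint(w, "log data")
})

// withCORS answers pre-flight requests itself and passes everything else on.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Browsers reject a wildcard origin on credentialed (cookie) requests;
		// the Workbench token travels in the POST body instead.
		w.Header().Set("Access-Control-Allow-Origin", "*")
		if r.Method != http.MethodOptions {
			next.ServeHTTP(w, r)
			return
		}
		w.Header().Set("Access-Control-Max-Age", "86400")
		w.Header().Set("Access-Control-Allow-Headers", "Range")
		// Assumed method list; the issue's own value is ambiguous as extracted.
		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
		w.WriteHeader(http.StatusOK)
	})
}

// preflight replays the OPTIONS request a browser sends before a
// cross-origin POST carrying a Range header (constructed sample request).
func preflight(h http.Handler) *http.Response {
	req := httptest.NewRequest(http.MethodOptions, "/log.txt", nil)
	req.Header.Set("Origin", "https://workbench.example")
	req.Header.Set("Access-Control-Request-Method", "POST")
	req.Header.Set("Access-Control-Request-Headers", "range")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Result()
}

func main() {
	fmt.Println("before:", preflight(legacy).StatusCode)           // 405
	fmt.Println("after: ", preflight(withCORS(legacy)).StatusCode) // 200
}
```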