CORS is configured using https://pypi.org/project/django-cors-headers/
Details
- Reviewers: vlorentz
- Group Reviewers: Reviewers
- Commits: rDWAPPS1fe4ad7bc050: settings/common: Set CORS headers for api paths
Diff Detail
- Repository: rDWAPPS Web applications
- Lint: Automatic diff as part of commit; lint not applicable.
- Unit: Automatic diff as part of commit; unit tests not applicable.
Event Timeline
Can we add a check for the OPTIONS request that was failing initially?
Endpoint : /api/1/known/
Method: OPTIONS
Headers:
- Origin: null
- Access-Control-Request-Method: POST
- Access-Control-Request-Headers: Content-Type
Build has FAILED
Patch application report for D4441 (id=15713)
Rebasing onto bee0470c26...
Current branch diff-target is up to date.
Changes applied before test
commit 540f398bcd7a5a9bcced8a208e20b579b9fc72e1
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date: Fri Nov 6 16:27:10 2020 +0100

    settings/common: Set CORS headers for api paths
Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/458/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/458/console
Build is green
Patch application report for D4441 (id=15716)
Rebasing onto 9940eee372...
Current branch diff-target is up to date.
Changes applied before test
commit 1fe4ad7bc050e013184b670cf9eee6ee48a62973
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date: Fri Nov 6 16:27:10 2020 +0100

    settings/common: Set CORS headers for api paths
See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/460/ for more details.
The test for the OPTIONS pre-flight request isn't sending the headers that would actually be sent by a valid pre-flight request, nor checking whether the response contains the needed headers to validate it.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Examples_of_access_control_scenarios > pre-flighted requests
The OPTIONS request needs Access-Control-Request-Method and Access-Control-Request-Headers set to relevant values, and the test needs to check the response for matching Access-Control-Allow-Methods and Access-Control-Allow-Headers values.
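
The check requested in the review above, sketched as a standalone helper. This is an added example, not code from the revision or from django-cors-headers; the function names and the response header values are constructed for illustration, and credentialed requests are not modelled.

```python
def _tokens(value):
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}


def preflight_failures(request_headers, status, response_headers):
    """Return reasons the pre-flight fails; an empty list means it validates."""
    # Stricter than a browser: the method must be listed (or "*"), even POST.
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    failures = []
    if not 200 <= status < 300:
        failures.append(f"status {status} is not 2xx")
    origin = req.get("origin")
    allow_origin = resp.get("access-control-allow-origin")
    if origin is None:
        failures.append("request has no Origin header")
    elif allow_origin not in ("*", origin):
        failures.append(f"origin {origin!r} not allowed (got {allow_origin!r})")

    method = req.get("access-control-request-method", "").strip().lower()
    allowed_methods = _tokens(resp.get("access-control-allow-methods"))
    if not method:
        failures.append("request has no Access-Control-Request-Method header")
    elif method not in allowed_methods and "*" not in allowed_methods:
        failures.append(f"method {method.upper()} not in Access-Control-Allow-Methods")

    allowed_headers = _tokens(resp.get("access-control-allow-headers"))
    missing = _tokens(req.get("access-control-request-headers")) - allowed_headers
    if missing and "*" not in allowed_headers:
        failures.append("headers not allowed: " + ", ".join(sorted(missing)))
    return failures


# The pre-flight request headers quoted earlier on this page.
PREFLIGHT = {
    "Origin": "null",
    "Access-Control-Request-Method": "POST",
    "Access-Control-Request-Headers": "Content-Type",
}
# Constructed responses, not captured from the real service.
GOOD_RESPONSE = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "DELETE, GET, OPTIONS, PATCH, POST, PUT",
    "Access-Control-Allow-Headers": "accept, authorization, content-type",
}
NO_CORS_RESPONSE = {"Allow": "GET, HEAD, OPTIONS, POST"}
if __name__ == "__main__":
    print(preflight_failures(PREFLIGHT, 200, NO_CORS_RESPONSE))
```

In a Django test the request side maps onto the test client's extra WSGI keys (HTTP_ORIGIN, HTTP_ACCESS_CONTROL_REQUEST_METHOD, HTTP_ACCESS_CONTROL_REQUEST_HEADERS), and the helper is then run on the response's status code and headers.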