From 2cb86c57efb95de3b86e0d8fdc1444de0e7cf265 Mon Sep 17 00:00:00 2001 From: loks0n <22452787+loks0n@users.noreply.github.com> Date: Fri, 12 Dec 2025 09:21:57 +0000 Subject: [PATCH] fix: preflight requests --- app/init/resources.php | 8 +++++++- tests/e2e/General/HTTPTest.php | 15 +++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/app/init/resources.php b/app/init/resources.php index 2a2852d4e9..6351dae478 100644 --- a/app/init/resources.php +++ b/app/init/resources.php @@ -198,8 +198,14 @@ App::setResource('allowedHostnames', function (array $platform, Document $projec $allowed[] = $request->getHostname(); } - /* Allow the request origin if a dev key or rule is found */ $originHostname = parse_url($request->getOrigin(), PHP_URL_HOST); + + /* Add request hostname for preflight requests */ + if ($request->getMethod() === 'OPTIONS') { + $allowed[] = $originHostname; + } + + /* Allow the request origin if a dev key or rule is found */ if ((!$rule->isEmpty() || !$devKey->isEmpty()) && !empty($originHostname)) { $allowed[] = $originHostname; } diff --git a/tests/e2e/General/HTTPTest.php b/tests/e2e/General/HTTPTest.php index 35d7ad0919..b8ccde202e 100644 --- a/tests/e2e/General/HTTPTest.php +++ b/tests/e2e/General/HTTPTest.php @@ -184,7 +184,22 @@ class HTTPTest extends Scope 'origin' => 'http://google.com', ]); $this->assertNull($response['headers']['access-control-allow-origin'] ?? null); + } + public function testPreflight() + { + + $endpoint = '/v1/projects'; // Can be any non-404 route + + /** + * Test for SUCCESS + */ + $response = $this->client->call(Client::METHOD_OPTIONS, $endpoint, [ + 'origin' => 'http://random.com', + 'access-control-request-headers' => 'X-Appwrite-Project', + 'access-control-request-method' => 'GET' + ]); + $this->assertEquals('http://random.com', $response['headers']['access-control-allow-origin']); } public function testConsoleRedirect()