Opened on 02/09/2019 at 11:26:20 AM

Closed on 08/29/2019 at 05:43:18 PM

#7269 closed change (rejected)

Do not rewrite preflight OPTIONS requests

Reported by: mjethani
Assignee:
Priority: Unknown
Milestone:
Module: Platform
Keywords: circumvention, closed-in-favor-of-gitlab
Cc: sebastian, kzar, hfiguiere, agiammarchi
Blocked By:
Blocking:
Platform: Unknown / Cross platform
Ready: no
Confidential: no
Tester: Unknown
Verified working: no
Review URL(s):



When the browser wants to send a cross-origin request, it first checks with the server whether the server understands CORS using a preflight request. This is an OPTIONS request that the browser sends automatically. Once the server responds with the appropriate methods with the Access-Control-Allow-Methods header, the browser makes the actual GET or POST request.

When we rewrite a URL using the $rewrite option, we want to rewrite the URL for the actual GET or POST request, not the OPTIONS request, because if we do this the call fails and the site resorts to other ways to show ads.

What to change

In lib/requestBlocker.js, rewrite the URL only if the method is not OPTIONS.

Attachments (0)

Change History (5)

comment:1 Changed on 02/09/2019 at 11:29:03 AM by mjethani

  • Review URL(s) modified (diff)

comment:2 Changed on 02/09/2019 at 11:29:44 AM by mjethani

  • Cc hfiguiere added

comment:3 Changed on 02/10/2019 at 12:20:21 PM by mjethani

  • Cc agiammarchi added

comment:4 in reply to: ↑ description Changed on 02/10/2019 at 12:30:57 PM by mjethani

Replying to mjethani:

[...] if we do this the call fails and the site resorts to other ways to show ads.

I'm not sure about this actually, for the case that we are investigating.

Also, not rewriting the preflight OPTIONS request would leak information to the server, which is perhaps why the rewrite filter exists in the first place.
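The trade-off between the proposed change and the concern raised in comment 4, as an added example that is not part of the ticket or of the project's code. The function names, the `skipPreflight` option, the query-stripping rewrite and the sample requests are assumptions made for illustration, and the preflight check goes slightly beyond the ticket's method-only test by also requiring the `Origin` and `Access-Control-Request-Method` headers.

```javascript
// Added illustration; all names here are hypothetical, not the project's API.

// A CORS preflight is an OPTIONS request that carries both Origin and
// Access-Control-Request-Method. A bare OPTIONS request is not a preflight.
function isCorsPreflight(request) {
  const names = Object.keys(request.headers || {}).map(h => h.toLowerCase());
  return request.method.toUpperCase() === "OPTIONS" &&
         names.includes("origin") &&
         names.includes("access-control-request-method");
}

// Returns the URL the request is actually sent to.
// skipPreflight=true models the change proposed in the ticket.
function applyRewrite(request, rewrite, policy) {
  if (policy.skipPreflight && isCorsPreflight(request))
    return request.url;
  return rewrite(request.url);
}

// Lists the requests that reach the server with their original URL,
// which is the information leak comment 4 is concerned about.
function sentUnmodified(requests, rewrite, policy) {
  return requests
    .filter(r => applyRewrite(r, rewrite, policy) === r.url)
    .map(r => `${r.method} ${r.url}`);
}

// Constructed rewrite rule: drop the query string.
const stripQuery = url => url.split("?")[0];

// Constructed sample traffic: a preflight followed by the actual POST.
const sample = [
  {method: "OPTIONS", url: "https://ads.example/track?id=1",
   headers: {"Origin": "https://site.example",
             "Access-Control-Request-Method": "POST"}},
  {method: "POST", url: "https://ads.example/track?id=1",
   headers: {"Origin": "https://site.example"}}
];

for (const skipPreflight of [false, true]) {
  console.log(`skipPreflight=${skipPreflight}:`,
              sentUnmodified(sample, stripQuery, {skipPreflight}));
}
```

With `skipPreflight` enabled the preflight goes out with its full original URL, while the actual POST is still rewritten.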

comment:5 Changed on 08/29/2019 at 05:43:18 PM by sebastian

  • Keywords closed-in-favor-of-gitlab added
  • Resolution set to rejected
  • Status changed from new to closed

Sorry, but we switched to GitLab. If this issue is still relevant, please file it again in the new issue tracker.
