API: Don't handle non-preflight OPTIONS as CORS
If it's not a preflight, it's either a simple request or an actual
request after a preflight. But simple requests can only be GET, HEAD, or
POST, and we only return a successful response for a preflight if the
actual request is going to be GET or POST. So either way it shouldn't be
handled as CORS.
This also adds a response header to indicate to the end user why
something they probably intended as a CORS request wasn't handled as
one, to help with debugging.
And it renames a local variable that confused me when looking back at
this code.
Bug: T168558
Change-Id: Ia66c74e1cc8536c6c478237540abb4d7a98b9803
dépôts / lhc / web / wiklou.git / commit