405. That\u2019s an error.\r\n
The request method OPTIONS
is inappropriate for the URL /
. That\u2019s all we know.\r\n~ % curl -X OPTIONS https://www.mozilla.org/ -i\r\nHTTP/2 405 \r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nserver: meinheld/1.0.2\r\ndate: Wed, 30 Nov 2022 18:18:38 GMT\r\nallow: GET, HEAD\r\nx-frame-options: DENY\r\ncontent-security-policy: child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com logs.convertexperiments.com 1003350.metrics.convertexperiments.com 1003343.metrics.convertexperiments.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com cdn-3.convertexperiments.com app.convert.com data.track.convertexperiments.com 1003350.track.convertexperiments.com 1003343.track.convertexperiments.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com adservice.google.com adservice.google.de adservice.google.dk creativecommons.org cdn-3.convertexperiments.com logs.convertexperiments.com images.ctfassets.net ad.doubleclick.net; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' app.convert.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; font-src 'self'\r\ncache-control: max-age=600\r\nexpires: Wed, 30 Nov 2022 18:28:38 GMT\r\nx-backend-server: bedrock-prod-web-b95bc569d-grd25.iowa-a\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\nvia: 1.1 google, 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront)\r\nx-cache: Error from cloudfront\r\nx-amz-cf-pop: SFO5-P2\r\nx-amz-cf-id: A6-9mLztaE2tz840CbV9bXYiBMZRKEamDj6jGGEl1U7sg8egWfsDqg==\r\n\r\n~ % curl -X OPTIONS https://example.com -i \r\nHTTP/2 200 \r\nallow: OPTIONS, GET, HEAD, POST\r\ncache-control: max-age=604800\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 30 Nov 2022 18:18:59 GMT\r\nexpires: Wed, 07 Dec 2022 18:18:59 GMT\r\nserver: EOS (vny/0451)\r\ncontent-length: 0\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1469973742, "label": "Make sure CORS works for write APIs"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1922#issuecomment-1332504654", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1922", "id": 1332504654, "node_id": "IC_kwDOBm6k_c5PbGhO", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-11-30T17:27:39Z", "updated_at": "2022-11-30T17:27:39Z", "author_association": "OWNER", "body": "I'll test this once it's deployed to https://latest.datasette.io/", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1469973742, "label": "Make sure CORS works for write APIs"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1922#issuecomment-1332493004", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1922", "id": 1332493004, "node_id": "IC_kwDOBm6k_c5PbDrM", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-11-30T17:18:10Z", "updated_at": "2022-11-30T17:18:10Z", "author_association": "OWNER", "body": "Here's why:\r\n\r\nhttps://github.com/simonw/datasette/blob/4ddd77e51254bda3bac990ea662bac2e6b29c5e0/datasette/views/base.py#L71-L79\r\n\r\nThat's code in `BaseView` - but it turns out the code that adds CORS headers is in the `DataView` subclass of that (which the various write API endpoints do not use).\r\n\r\nhttps://github.com/simonw/datasette/blob/4ddd77e51254bda3bac990ea662bac2e6b29c5e0/datasette/views/base.py#L158-L162", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1469973742, "label": "Make sure CORS works for write APIs"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1922#issuecomment-1332492092", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1922", "id": 1332492092, "node_id": "IC_kwDOBm6k_c5PbDc8", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-11-30T17:17:21Z", "updated_at": "2022-11-30T17:17:21Z", "author_association": "OWNER", "body": "I tried running `fetch()` with a POST from a separate domain and got a browser error because it did a GET against the `/db/-/create` endpoint and the 405 method not supported response did not include the CORS headers.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1469973742, "label": "Make sure CORS works for write APIs"}, "performed_via_github_app": null}