fix: not responding with 204 on OPTIONS request

1zun4 · 1zun4 · commit 589ea9b75c21 · 2026-01-30T00:06:22.000+01:00
diff --git a/src/main/kotlin/net/ccbluex/netty/http/HttpConductor.kt b/src/main/kotlin/net/ccbluex/netty/http/HttpConductor.kt
@@ -46,13 +46,13 @@ internal suspend fun HttpServer.processRequestContext(context: RequestContext) =
         return@runCatching httpBadRequest("Incomplete request")
     }
 
-    val (node, params, remaining) = routeController.processPath(context.path, method) ?:
-        return@runCatching httpNotFound(context.path, "Route not found")
-
     if (method == HttpMethod.OPTIONS) {
         return@runCatching httpNoContent()
     }
 
+    val (node, params, remaining) = routeController.processPath(context.path, method) ?:
+        return@runCatching httpNotFound(context.path, "Route not found")
+
     logger.debug("Found destination {}", node)
     val requestObject = RequestObject(
         uri = context.uri,
diff --git a/src/main/kotlin/net/ccbluex/netty/http/middleware/CorsMiddleware.kt b/src/main/kotlin/net/ccbluex/netty/http/middleware/CorsMiddleware.kt
@@ -34,26 +34,30 @@ class CorsMiddleware(
     override fun invoke(context: RequestContext, response: FullHttpResponse): FullHttpResponse {
         val httpHeaders = response.headers()
         val requestOrigin = context.headers[HttpHeaderNames.ORIGIN]
-
-        if (allowedOrigins.contains("*")) {
-            httpHeaders[HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN] = "*"
+        val allowedOrigin = if (allowedOrigins.contains("*")) {
+            "*"
         } else if (requestOrigin != null) {
-            try {
-                val uri = URI(requestOrigin)
-                val host = uri.host
-                if (allowedOrigins.contains(host) || allowedOrigins.contains(requestOrigin)) {
-                    httpHeaders[HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN] = requestOrigin
-                } else {
-                    httpHeaders[HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN] = "null"
-                }
-            } catch (e: URISyntaxException) {
-                httpHeaders[HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN] = "null"
+            val host = try {
+                URI(requestOrigin).host
+            } catch (e: Exception) {
                 logger.error("Invalid Origin header: $requestOrigin", e)
+                null
+            }
+
+            if (host != null && allowedOrigins.contains(host) || allowedOrigins.contains(requestOrigin)) {
+                requestOrigin
+            } else {
+                null
             }
         } else {
-            httpHeaders[HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN] = "null"
+            null
         }
 
+        if (allowedOrigin == null) {
+            logger.debug("CORS origin not allowed: $requestOrigin")
+            return response
+        }
+        httpHeaders[HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN] = allowedOrigin
         httpHeaders[HttpHeaderNames.ACCESS_CONTROL_ALLOW_METHODS] = allowedMethods.joinToString(", ")
         httpHeaders[HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS] = allowedHeaders.joinToString(", ")
         return response
