OPTIONS causes 400 in Firefox and IE10

[awdrius]

Hi,

after upgrading socket.io to 1.1.0 Firefox and IE10 started complaining about CORS. The quick fix for the issue was to change engine.io/lib/server.js on line 125:
from
if ('GET' != req.method)
to
if ('GET' !== req.method && 'OPTIONS' !== req.method)

I know that this is not optimal but it works for me.

P.S. I'm using pure socket.io, without express, restify, etc. If there is a better or a standard way to deal with this - your help is much appreciated.

[mokesmokes]

The best way to deal with it is to first figure out why you're generating OPTIONS requests. Do your best to eliminate them.

[awdrius]

If I use socket.io client for the website, isn't OPTIONS a mandatory request that browsers issue for the cross domain preflights?
E.g. https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests

[mokesmokes]

You normally want to make sure you're generating only "simple requests". Preflighted requests are slower for the client and increase the load on the server. Avoid them if you can... I'm also running in a CORS scenario and making sure to generate only simple requests.

[awdrius]

Unfortunately it is not possible as the API is accessed though multiple request channels and is exposed as a separate subdomain.

I think that a setting to allow OPTIONS preflight request to be handled by engine.io through socket.io (or other) would make sense. It looks like there a plenty of devs out there who are burned by this after upgrading their libraries. A note in documentation with potential workaround(s), explanation, etc. would help. There's nothing worse than trying to make something work and have no idea what's wrong (-.

[Edit] Explanation of "simple request" for those who might use it as a fix: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

[darrachequesne]

Closed as duplicate of #279