From 196943c78f15a35d89b19bc1ec52d4c38b836b47 Mon Sep 17 00:00:00 2001
From: George MacKerron <george@mackerron.co.uk>
Date: Mon, 17 Jul 2023 20:01:25 +0100
Subject: [PATCH] CORS preflight OPTIONS support for /sql (http fetch) endpoint
 (#4706)

## Problem

HTTP fetch can't be used from browsers because proxy doesn't support
[CORS 'preflight' `OPTIONS`
requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests).

## Summary of changes

Added a simple `OPTIONS` endpoint for `/sql`.
---
 proxy/src/http/websocket.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/proxy/src/http/websocket.rs b/proxy/src/http/websocket.rs
index 83ba034e57..ebbf3e728e 100644
--- a/proxy/src/http/websocket.rs
+++ b/proxy/src/http/websocket.rs
@@ -221,6 +221,18 @@ async fn ws_handler(
             );
             r
         })
+    } else if request.uri().path() == "/sql" && request.method() == Method::OPTIONS {
+        Response::builder()
+            .header("Allow", "OPTIONS, POST")
+            .header("Access-Control-Allow-Origin", "*")
+            .header(
+                "Access-Control-Allow-Headers",
+                "Neon-Connection-String, Neon-Raw-Text-Output, Neon-Array-Mode, Neon-Pool-Opt-In",
+            )
+            .header("Access-Control-Max-Age", "86400" /* 24 hours */)
+            .status(StatusCode::OK) // 204 is also valid, but see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS#status_code
+            .body(Body::empty())
+            .map_err(|e| ApiError::BadRequest(e.into()))
     } else {
         json_response(StatusCode::BAD_REQUEST, "query is not supported")
     }