From 545f2feacc37acd5985247a9965064639ae82e5f Mon Sep 17 00:00:00 2001
From: Landry Benguigui <lbenguigui@gmail.com>
Date: Wed, 16 Apr 2025 15:00:05 +0200
Subject: [PATCH] Add Content-Length header to preflight response

---
 pkg/middlewares/headers/header.go      | 1 +
 pkg/middlewares/headers/header_test.go | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/pkg/middlewares/headers/header.go b/pkg/middlewares/headers/header.go
index 3930277c8..a9e0ae52b 100644
--- a/pkg/middlewares/headers/header.go
+++ b/pkg/middlewares/headers/header.go
@@ -53,6 +53,7 @@ func NewHeader(next http.Handler, cfg dynamic.Headers) (*Header, error) {
 func (s *Header) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 	// Handle Cors headers and preflight if configured.
 	if isPreflight := s.processCorsHeaders(rw, req); isPreflight {
+		rw.Header().Set("Content-Length", "0")
 		rw.WriteHeader(http.StatusOK)
 		return
 	}
diff --git a/pkg/middlewares/headers/header_test.go b/pkg/middlewares/headers/header_test.go
index 17745e826..0fd2ea38f 100644
--- a/pkg/middlewares/headers/header_test.go
+++ b/pkg/middlewares/headers/header_test.go
@@ -134,6 +134,7 @@ func TestNewHeader_CORSPreflights(t *testing.T) {
 				"Origin":                         {"https://foo.bar.org"},
 			},
 			expected: map[string][]string{
+				"Content-Length":               {"0"},
 				"Access-Control-Allow-Origin":  {"https://foo.bar.org"},
 				"Access-Control-Max-Age":       {"600"},
 				"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},
@@ -152,6 +153,7 @@ func TestNewHeader_CORSPreflights(t *testing.T) {
 				"Origin":                         {"https://foo.bar.org"},
 			},
 			expected: map[string][]string{
+				"Content-Length":               {"0"},
 				"Access-Control-Allow-Origin":  {"*"},
 				"Access-Control-Max-Age":       {"600"},
 				"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},
@@ -171,6 +173,7 @@ func TestNewHeader_CORSPreflights(t *testing.T) {
 				"Origin":                         {"https://foo.bar.org"},
 			},
 			expected: map[string][]string{
+				"Content-Length":                   {"0"},
 				"Access-Control-Allow-Origin":      {"*"},
 				"Access-Control-Max-Age":           {"600"},
 				"Access-Control-Allow-Methods":     {"GET,OPTIONS,PUT"},
@@ -191,6 +194,7 @@ func TestNewHeader_CORSPreflights(t *testing.T) {
 				"Origin":                         {"https://foo.bar.org"},
 			},
 			expected: map[string][]string{
+				"Content-Length":               {"0"},
 				"Access-Control-Allow-Origin":  {"*"},
 				"Access-Control-Max-Age":       {"600"},
 				"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},
@@ -210,6 +214,7 @@ func TestNewHeader_CORSPreflights(t *testing.T) {
 				"Origin":                        {"https://foo.bar.org"},
 			},
 			expected: map[string][]string{
+				"Content-Length":               {"0"},
 				"Access-Control-Allow-Origin":  {"*"},
 				"Access-Control-Max-Age":       {"600"},
 				"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},