fix append vary header

codeigniter4 · Jan 27, 2025 · 7299696 · 7299696
1 parent 63e4037
commit 7299696
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/system/Filters/Cors.php b/system/Filters/Cors.php
@@ -61,16 +61,24 @@ public function before(RequestInterface $request, $arguments = null)
         /** @var ResponseInterface $response */
         $response = service('response');
 
-        if ($request->is('OPTIONS')) {
+        if ($this->cors->isPreflightRequest($request)) {
+            $response = $this->cors->handlePreflightRequest($request, $response);
+
             // Always adds `Vary: Access-Control-Request-Method` header for cacheability.
             // If there is an intermediate cache server such as a CDN, if a plain
             // OPTIONS request is sent, it may be cached. But valid preflight requests
             // have this header, so it will be cached separately.
             $response->appendHeader('Vary', 'Access-Control-Request-Method');
+
+            return $response;
         }
 
-        if ($this->cors->isPreflightRequest($request)) {
-            return $this->cors->handlePreflightRequest($request, $response);
+        if ($request->is('OPTIONS')) {
+            // Always adds `Vary: Access-Control-Request-Method` header for cacheability.
+            // If there is an intermediate cache server such as a CDN, if a plain
+            // OPTIONS request is sent, it may be cached. But valid preflight requests
+            // have this header, so it will be cached separately.
+            $response->appendHeader('Vary', 'Access-Control-Request-Method');
         }
 
         $this->cors->addResponseHeaders($request, $response);