Cors Access-Request-Control-Headers ignoring defaults

According to the docs, the `http.cors.allow-methods` setting should default to `OPTIONS,HEAD,GET,POST,PUT,DELETE`, but it appears to default to no methods at all.

With the default settings:

```
curl -H 'Origin: http://localhost:8000' -H 'Access-Control-Request-Method: PUT' -i -X OPTIONS localhost:9200/t/t/1 -d{}
```

returns:

```
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:8000
Vary: Origin
Access-Control-Max-Age: 1728000
date: Wed, 20 Jul 2016 14:37:09 GMT
content-length: 0
```

If I set `http.cors.allow-methods` to `OPTIONS,HEAD,GET,POST,PUT,DELETE`, it returns:

```
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://localhost:8000
Vary: Origin
Access-Control-Allow-Methods: HEAD
Access-Control-Allow-Methods: DELETE
Access-Control-Allow-Methods: POST
Access-Control-Allow-Methods: GET
Access-Control-Allow-Methods: OPTIONS
Access-Control-Allow-Methods: PUT
Access-Control-Max-Age: 1728000
date: Wed, 20 Jul 2016 14:38:18 GMT
content-length: 0
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cors Access-Request-Control-Headers ignoring defaults #19520

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Cors Access-Request-Control-Headers ignoring defaults #19520

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions