fix: handle options req for cors preflight (#137)

When we use the Console App to create a space, it will send an OPTIONS,
and then a POST request to the UCAN Invocation Server, which is behind
the CORS handler, and that CORS Handler doesn't support OPTIONS requests
for CORS preflight. I've added a new handler to process that OPTIONS
request.

src/index.js

@@ -28,7 +28,8 @@ import {
   withLocator,
   withUcanInvocationHandler,
   withDelegationsStorage,
-  withDelegationStubs
+  withDelegationStubs,
+  withOptionsRequest
 } from './middleware/index.js'
 import { instrument } from '@microlabs/otel-cf-workers'
 import { NoopSpanProcessor } from '@opentelemetry/sdk-trace-base'
@@ -53,6 +54,7 @@ const middleware = composeMiddleware(
   // Prepare the Context for all types of requests
   withCdnCache,
   withContext,
+  withOptionsRequest,
   withCorsHeaders,
   withVersionHeader,
   withErrorHandler,

src/middleware/index.js

@@ -11,3 +11,4 @@ export { withDelegationStubs } from './withDelegationStubs.js'
 export { withGatewayIdentity } from './withGatewayIdentity.js'
 export { withUcanInvocationHandler } from './withUcanInvocationHandler.js'
 export { withDelegationsStorage } from './withDelegationsStorage.js'
+export { withOptionsRequest } from './withOptionsRequest.js'

src/middleware/withOptionsRequest.js

@@ -0,0 +1,20 @@
+/**
+ * @import { Middleware, Context } from '@web3-storage/gateway-lib'
+ */
+
+/**
+ * Handles OPTIONS requests for CORS preflight.
+ * @type {Middleware<Context, Context, {}>}
+ */
+export function withOptionsRequest (handler) {
+  return async (request, env, ctx) => {
+    if (request.method === 'OPTIONS') {
+      const headers = new Headers()
+      headers.set('Access-Control-Allow-Origin', '*')
+      headers.set('Access-Control-Allow-Methods', 'GET, HEAD, POST, OPTIONS')
+      headers.set('Access-Control-Allow-Headers', 'Content-Type, Authorization')
+      return new Response(null, { headers, status: 204 })
+    }
+    return handler(request, env, ctx)
+  }
+}