CORS preflight OPTIONS handling in backend #1553
Description
Hello,
We are migrating away from NGINX Ingress, because it will be deprecated March 2026 https://kubernetes.io/blog/2025/11/11/ingress-nginx-retirement/, and moving to Cilium. Our current OpenVSX deployment relies on NGINX Ingress CORS behavior.
In the OpenVSX backend codebase, we don’t currently see any handling for preflight (e.g., no OPTIONS routes/mappings and no obvious global CORS configuration that would respond to preflight requests). With NGINX, preflight was handled at the ingress layer. I saw that with Gateway API setups, depending on the controller/version, this may no longer be available, and preflight may reach the backend and fail (404/405 or missing Access-Control-Allow-Headers), which blocks clients entirely.
Questions
-
Does the OpenVSX backend currently handle CORS preflight (OPTIONS) requests when deployed behind a gateway/ingress that forwards OPTIONS to the service?
-
If not, are you open to adding/confirming a supported CORS configuration so the backend can respond to preflight with the appropriate Access-Control-Allow-* headers?
Is there an existing recommended approach to ensure OpenVSX works with clients that require preflight?