Is this a support request?
This is directly related to the CLI / Dev-Server code.
Describe the bug
The CorsHeaders defined here only allow the GET method. For routers that support REPORT (such as the evalXRouter) the preflight checks will fail for that method and the client will receive a 405 status code when trying to connect.
To reproduce
- Run the
ldcli dev server
- Curl the
sdk/evalx/{envId}/contexts endpoint with REPORT, it will pass as expected
$ curl -X REPORT http://localhost:8765/sdk/evalx/dev/contexts
{"foo":{"value":false,"version":16,"trackEvents":false}}
- Simulate a preflight check for that endpoint & method, it will reject with a
405 status code
$ curl -i -X OPTIONS "http://localhost:8765/sdk/evalx/dev/contexts" \
-H "Origin: http://localhost:8080" \
-H "Access-Control-Request-Method: REPORT" \
-H "Access-Control-Request-Headers: content-type"
HTTP/1.1 405 Method Not Allowed
Date: Tue, 24 Mar 2026 16:44:27 GMT
Content-Length: 0
Expected behavior
The CORS middleware should support the same methods that each router does, such that preflight checks return correctly for REPORT methods.
Logs
If applicable, add any log output related to your problem.
CLI version
2.2.0
OS/platform
macOS 14.8.4
Additional context
Add any other context about the problem here.
Is this a support request?
This is directly related to the CLI / Dev-Server code.
Describe the bug
The
CorsHeadersdefined here only allow theGETmethod. For routers that supportREPORT(such as the evalXRouter) the preflight checks will fail for that method and the client will receive a405status code when trying to connect.To reproduce
ldclidev serversdk/evalx/{envId}/contextsendpoint withREPORT, it will pass as expected405status codeExpected behavior
The CORS middleware should support the same methods that each router does, such that preflight checks return correctly for
REPORTmethods.Logs
If applicable, add any log output related to your problem.
CLI version
2.2.0OS/platform
macOS 14.8.4
Additional context
Add any other context about the problem here.