Log when a request is an OPTIONS request but not a preflight request

Fixes https://github.com/aspnet/AspNetCore/issues/2375

Log when a request is an OPTIONS request but not a preflight request
e6bdf128 · Pranav K · 2690a3f6 · e6bdf128 · e6bdf128
--- a/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsService.cs
+++ b/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsService.cs
@@ -92,9 +92,14 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure

            var origin = context.Request.Headers[CorsConstants.Origin];
            var requestHeaders = context.Request.Headers;
-            var isPreflightRequest =
-                string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase) &&
-                requestHeaders.ContainsKey(CorsConstants.AccessControlRequestMethod);
+
+            var isOptionsRequest = string.Equals(context.Request.Method, CorsConstants.PreflightHttpMethod, StringComparison.OrdinalIgnoreCase);
+            var isPreflightRequest = isOptionsRequest && requestHeaders.ContainsKey(CorsConstants.AccessControlRequestMethod);
+
+            if (isOptionsRequest && !isPreflightRequest)
+            {
+                _logger.IsNotPreflightRequest();
+            }

            var corsResult = new CorsResult
            {

--- a/src/Microsoft.AspNetCore.Cors/Internal/CORSLoggerExtensions.cs
+++ b/src/Microsoft.AspNetCore.Cors/Internal/CORSLoggerExtensions.cs
@@ -19,6 +19,7 @@ namespace Microsoft.AspNetCore.Cors.Internal
        private static readonly Action<ILogger, Exception> _failedToSetCorsHeaders;
        private static readonly Action<ILogger, Exception> _noCorsPolicyFound;
        private static readonly Action<ILogger, Exception> _insecureConfiguration;
+        private static readonly Action<ILogger, Exception> _isNotPreflightRequest;

        static CORSLoggerExtensions()
        {
@@ -76,6 +77,11 @@ namespace Microsoft.AspNetCore.Cors.Internal
                LogLevel.Warning,
                new EventId(11, "CorsInsecureConfiguration"),
                "The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported.");
+
+            _isNotPreflightRequest = LoggerMessage.Define(
+                LogLevel.Debug,
+                new EventId(12, "OptionsRequestWithoutAccessControlRequestMethodHeader"),
+                "This request uses the HTTP OPTIONS method but does not have an Access-Control-Request-Method header. This request will not be treated as a CORS preflight request.");
        }

        public static void IsPreflightRequest(this ILogger logger)
@@ -132,5 +138,10 @@ namespace Microsoft.AspNetCore.Cors.Internal
        {
            _insecureConfiguration(logger, null);
        }
+
+        public static void IsNotPreflightRequest(this ILogger logger)
+        {
+            _isNotPreflightRequest(logger, null);
+        }
    }
 }