New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS support #17

Closed
maxogden opened this Issue May 21, 2014 · 15 comments

Comments

Projects
None yet
@maxogden

maxogden commented May 21, 2014

it would be nice if requestbin had CORS headers enabled so I could use it for testing client side HTTP

@maxogden

This comment has been minimized.

maxogden commented May 21, 2014

ahh, just noticed that 'access-control-allow-origin': '*' is implemented, but it seems that only works for GETs and not POST/PUTs

@maxogden

This comment has been minimized.

maxogden commented May 21, 2014

here's a test case (open dev tools): http://requirebin.com/?gist=91d5131364b6c6ad46e1

@johnsheehan

This comment has been minimized.

Contributor

johnsheehan commented May 21, 2014

We'll look into adding this. In the mean time, you can get RequestBin functionality with CORS enabled using https://www.runscope.com/docs/request-capture Let me know if that would work for you.

@progrium

This comment has been minimized.

Contributor

progrium commented May 21, 2014

Should be an easy PR though!

On Wed, May 21, 2014 at 5:06 PM, John Sheehan notifications@github.comwrote:

We'll look into adding this. In the mean time, you can get RequestBin
functionality with CORS enabled using
https://www.runscope.com/docs/request-capture Let me know if that would
work for you.


Reply to this email directly or view it on GitHubhttps://github.com//issues/17#issuecomment-43814069
.

Jeff Lindsay
http://progrium.com

@janeklb

This comment has been minimized.

janeklb commented Oct 29, 2014

@johnsheehan I've created a bucket but am still getting CORS errors with my POST request -- is there anywhere this has to be configured?

@johnsheehan

This comment has been minimized.

Contributor

johnsheehan commented Oct 29, 2014

Contact support with a share link and we'll take a look:
https://www.runscope.com/support

On Wed, Oct 29, 2014 at 8:31 AM, Janek Lasocki-Biczysko <
notifications@github.com> wrote:

@johnsheehan https://github.com/johnsheehan I've created a bucket but
am still getting CORS errors with my POST request -- is there anywhere this
has to be configured?


Reply to this email directly or view it on GitHub
#17 (comment).

@nodesocket

This comment has been minimized.

nodesocket commented May 1, 2016

Is CORS still not supported with POST requests? I am getting:

XMLHttpRequest cannot load http://requestb.in/4a2vq5s1. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8080' is therefore not allowed access.

@lenichols

This comment has been minimized.

lenichols commented May 8, 2016

Same here... @nodesocket im getting CORS error too

@diogoca

This comment has been minimized.

diogoca commented Aug 8, 2016

same here...

@swrobel

This comment has been minimized.

swrobel commented Sep 23, 2016

You guys fixed this on HTTPbin, don't get why it can't be fixed here...

@MatissJanis

This comment has been minimized.

MatissJanis commented Mar 7, 2017

Still getting a CORS error.

@GabLeRoux

This comment has been minimized.

Contributor

GabLeRoux commented Apr 18, 2017

I sent PR #32. I confirm it works with a POST from jsbin :)
I don't really expect it to be merged, could be insecure and I think it needs some cleanup. Hope it helps someone, you can grab it and install it on heroku 🍾

First PR got rejected, but I used Flask-Cors this time instead. See #34

Until this gets merged, Instructions for heroku:

heroku config:set ENABLE_CORS=1

GabLeRoux added a commit to GabLeRoux/requestbin that referenced this issue Jun 13, 2017

Solves Runscope#17 when running with ENABLE_CORS=1 env variable
* Uses [Flask-Cors](https://flask-cors.readthedocs.io/en/latest/)
* Adds default config `ENABLE_CORS = False` + env var
* Adds default config `CORS_ORIGINS = "*"` + env var

✌️

johnsheehan added a commit that referenced this issue Jun 15, 2017

Merge pull request #34 from GabLeRoux/cors-support-using-env-var
Solves #17 when running with ENABLE_CORS=1 env variable
@GabLeRoux

This comment has been minimized.

Contributor

GabLeRoux commented Jun 15, 2017

This issue can be closed by #34 🎉
Follow original instructions, then set ENABLE_CORS=1 env variable.
On heroku:

heroku config:set ENABLE_CORS=1
@whitneyland

This comment has been minimized.

whitneyland commented Sep 24, 2017

Seems to be fixed technically. However some feedback for what its worth: There's still too much friction and rough edges to using it that could discourage new developers from runscope.

For example, I imagine the typical experience goes something like this, where the developer:

  1. Needs to see endpoint results of making an api call, the api may not even exist yet
  2. Finds requestbin via google, tries a GET example, works in 60 seconds, awesome! I love this!
  3. Tries a POST example, fails because of requestbin CORS support
  4. Googles this git issue, realizes it's intentional, works only if you signup with runscope. some of the excitement fizzles, but hey, starting a company is tough so we understand. signup and continue.
  5. Before signup took 60 seconds to get requestbin working, after signup you are clueless and start wondering around a mishmash of tutorials, runscope specific terms and jargon, and incomplete documentation.

What happened?

  • Searching docs and help on runscope.com for CORS gives no useful results. How is that even possible, knowing people are funneling to requestbin, then here, then signingup for runscope?
  • Developer first experience workflow has not been well tested. It's not lack of effort, clearly lots of effort has gone into tutorials, docs, step by step instructions. It's just that no UX test/optimize/iterate loop with with devs new to the service is being maintained.
@johnsheehan

This comment has been minimized.

Contributor

johnsheehan commented Sep 24, 2017

CORS only needs to be enabled for requests made to requestbin from client-side JS. Most people use RequestBin to inspect requests from 3rd-party webhooks providers or server-side code, which doesn’t require CORS. I linked to the specific doc for the feature you need in Runscope to inspect CORS requests. Sorry you were confused.

@Runscope Runscope locked and limited conversation to collaborators Sep 24, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.