From 24bf04da74acb3370cb7c3f596a0609b07ac19ad Mon Sep 17 00:00:00 2001 From: Louis Pienaar Date: Mon, 3 Apr 2017 21:34:29 +0200 Subject: [PATCH 1/4] Preflight OPTIONS request fix On my basic authentication jug when doing a GET request, Chrome doesa preflight options request which results in a CORS error (Allow-Cross-Origin and other header errors). This fix creates the headers for all requests including an OPTIONS request but stop execution for when it is an Options request --- R/middleware_cors.R | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/R/middleware_cors.R b/R/middleware_cors.R index bf4e4e1..67d9507 100644 --- a/R/middleware_cors.R +++ b/R/middleware_cors.R @@ -39,13 +39,12 @@ cors<-function( func<-function(req, res, err){ - if(req$method == "OPTIONS"){ - res$set_header("Allow", allow_methods) - return("") # equals stop processing - } - lapply(names(headers), function(header_name) res$set_header(header_name, headers[[header_name]])) - return(NULL) + + if(req$method == "OPTIONS"){ + return("") + } else + return(NULL) } add_middleware(jug, func, path=path, method=NULL) From 1b6c6e65f8cbd621f41cdd7850a11402af3aaf43 Mon Sep 17 00:00:00 2001 From: Bart6114 Date: Fri, 7 Apr 2017 10:19:22 +0200 Subject: [PATCH 2/4] increased selectiveness on OPTIONS request --- R/middleware_cors.R | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/R/middleware_cors.R b/R/middleware_cors.R index 67d9507..74ec4ae 100644 --- a/R/middleware_cors.R +++ b/R/middleware_cors.R @@ -39,12 +39,16 @@ cors<-function( func<-function(req, res, err){ - lapply(names(headers), function(header_name) res$set_header(header_name, headers[[header_name]])) - if(req$method == "OPTIONS"){ - return("") - } else - return(NULL) + res$set_header("Access-Control-Allow-Methods", allow_methods) + res$set_header("Access-Control-Allow-Origin", allow_origin) + res$set_header("Access-Control-Allow-Headers", allow_headers) + + return("") # equals stop processing + } + + lapply(names(headers), function(header_name) res$set_header(header_name, headers[[header_name]])) + return(NULL) } add_middleware(jug, func, path=path, method=NULL) From cafa0e008d13525f2f38702fdc08e06ae245befb Mon Sep 17 00:00:00 2001 From: Bart6114 Date: Fri, 7 Apr 2017 10:23:23 +0200 Subject: [PATCH 3/4] added testing related to #15 --- tests/testthat/test_cors.R | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/testthat/test_cors.R b/tests/testthat/test_cors.R index 0f35ad9..1b55ef1 100644 --- a/tests/testthat/test_cors.R +++ b/tests/testthat/test_cors.R @@ -2,6 +2,21 @@ library(jug) context("testing CORS functionality") +test_req_OPTIONS <-RawTestRequest$new() +test_req_OPTIONS$method("OPTIONS") + +test_that("Preflight request receives the right headers",{ + + res<-jug() %>% + cors("/", allow_headers = "Authorization") %>% + process_test_request(test_req_OPTIONS$req) + + expect_true('Access-Control-Allow-Origin' %in% names(res$headers)) + expect_true('Access-Control-Allow-Methods' %in% names(res$headers)) + expect_true('Access-Control-Allow-Headers' %in% names(res$headers)) + +}) + test_req<-RawTestRequest$new() test_that("Access-Control-Allow-Origin default is set to permissive",{ From 3fb16628f68b3603680f2b6829b07c34979ac920 Mon Sep 17 00:00:00 2001 From: Bart6114 Date: Fri, 7 Apr 2017 10:26:08 +0200 Subject: [PATCH 4/4] dev version --- DESCRIPTION | 2 +- README.md | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/DESCRIPTION b/DESCRIPTION index 68a6420..d4957ef 100644 --- a/DESCRIPTION +++ b/DESCRIPTION @@ -1,7 +1,7 @@ Package: jug Type: Package Title: A Simple Web Framework for R -Version: 0.1.6 +Version: 0.1.6.9000 Authors@R: person("Bart", "Smeets", email = "bartsmeets86@gmail.com", role = c("aut", "cre")) URL: https://github.com/Bart6114/jug diff --git a/README.md b/README.md index 003e9c9..bc1afad 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,10 @@ Plugins: ## Changes +### v0.1.6.9000 + +- Fixed CORS preflight request bug (issue #15) + ### v0.1.6 - Ability to specify `auto-unbox` value for json responses