Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS error #102

Closed
hitecSmartHome opened this issue Jul 16, 2024 · 2 comments
Closed

CORS error #102

hitecSmartHome opened this issue Jul 16, 2024 · 2 comments

Comments

@hitecSmartHome
Copy link

Hi! I'm wondering how to bypass CORS errors.

I have added these default headers to my server:

DefaultHeaders::Instance().addHeader("Access-Control-Allow-Origin", "*");
DefaultHeaders::Instance().addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
DefaultHeaders::Instance().addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept");

I have also setup my notfound handler like this so it will return a 200 OK response if the method is HTTP_OPTIONS

server.onNotFound(std::bind(&HsHServer::notFoundHandler,this,std::placeholders::_1));

esp_err_t HsHServer::notFoundHandler(PsychicRequest *request){
    Serial.printf(
        "\n[Server] - 404\nURL: %s\nMethod: %s\nBody: %s\n",
        request->url().c_str(),
        request->methodStr().c_str(),
        request->body().c_str()
    );
    if( request->method() == HTTP_OPTIONS ){
        return request->reply(200);
    }
    return request->reply(404);
}

But I still get CORS error in the browser. Any more ideas? I have also tried to create a new response object, set these headers and send that response instead of replying to the request. Did not work.
@hitecSmartHome
Copy link
Author

hitecSmartHome commented Jul 19, 2024
edited
Loading

What I have found is that the notFoundHandler does not capture OPTIONS requests.
When I added two handlers for the same endpoint, one for HTTP_GET and one for HTTP_OPTIONS it started to work without additional tinkering.

Right now it looks like this:

DefaultHeaders::Instance().addHeader("Access-Control-Allow-Origin", "*");
DefaultHeaders::Instance().addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
DefaultHeaders::Instance().addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept");

// Return 200 for OPTIONS type
server.on("/getSysInfo", HTTP_OPTIONS, [](PsychicRequest *request) {
    return request->reply(200);
});
// Handle the actual request
server.on("/getSysInfo",HTTP_GET,[](PsychicRequest *request){
});

This is a really bad design since I must make a copy of every handler in my app.
Instead it would be good to capture every HTTP_OPTIONS request and handle them before.
Some middleware to the server since the notFoundHandler does not capture everything it seems.

@hoeken Is this possible somehow?

@hitecSmartHome
Copy link
Author

hitecSmartHome commented Jul 19, 2024
edited
Loading

This also doesn't seem to work
Okay this works. I removed the OPTIONS endpoints, added this before the notFoundHandler and the CROS works with the default headers

server.on("/*", HTTP_OPTIONS, [](PsychicRequest *request) {
    printf(
        "\n[Server] - OPTIONS\nURL: %s\nMethod: %s\nBody: %s\n",
        request->url().c_str(),
        request->methodStr().c_str(),
        request->body().c_str()
    );
    return request->reply(200);
});

@hitecSmartHome hitecSmartHome mentioned this issue Jul 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hitecSmartHome