login and logout should have options configured or provide a way to set custom allow header options

[jazeee]

From testing with Angular v1.2.28 $resource against Restivus, I am finding that I cannot use the login and logout endpoints via CORS.

In order to make the endpoints work, they should have options set, as:

For login:

    options: ->
        @response.writeHead(200,
            'Access-Control-Allow-Origin': "*"
            'Access-Control-Allow-Headers': "content-type"
        )
        @done()

For logout:

    options:
        authRequired: false   #Options must be accessible without authorization.
        action: ->
            @response.writeHead(200,
                'Access-Control-Allow-Origin': "*"
                'Access-Control-Allow-Headers': "x-user-id, x-auth-token"
            )
            @done()

EDIT:
Specifically, this is via Cross origin. Ie: one site accessing REST on another site.

[kahmali]

This one completely slipped past me! I must have saw the notification when you created the other issue around the same time and thought they were the same. Sorry about that! This should definitely be fixed. I'll update it asap (unless you beat me to it). This could probably be added as the default OPTIONS endpoint on all routes (whenever CORS is enabled).

[jazeee]

Excellent. That sounds good to me.
On Jul 6, 2015 11:03 AM, "Kahmali Rose" notifications@github.com wrote:

This one completely slipped past me! I must have saw the notification when
you created the other issue around the same time and thought they were the
same. Sorry about that! This should definitely be fixed. I'll update it
asap (unless you beat me to it). This could probably be added as the default
OPTIONS endpoint
https://github.com/kahmali/meteor-restivus#defaultoptionsendpoint on
all routes (whenever CORS is enabled).

—
Reply to this email directly or view it on GitHub
#99 (comment)
.

[AlexFrazer]

+1
Could also be solved via middlewares, imo

[kahmali]

This is at the top of my list when I return from vacation. I'd be willing to review a pull request on vacation, but I promised myself I wouldn't handle any updates, no matter how minor.

As for middleware, middleware makes everything better :) It just makes your api that much more modular, since it can be so easily swapped out. The focus of v0.9.0 will be middleware support on endpoints (it technically already exists, but I want to provide a clean api for it), and converting existing functionality to middleware. We can do a quick fix for this in the meantime.

[jazeee]

No problem. I am not in a rush on this.
I have been super busy on work related things.
Agreed on the middle ware topics. When I get time, I'd love to play around
with it.
Have a great vacation.
On Jul 14, 2015 4:11 PM, "Kahmali Rose" notifications@github.com wrote:

This is at the top of my list when I return from vacation. I'd be willing
to review a pull request on vacation, but I promised myself I wouldn't
handle any updates, no matter how minor.

As for middleware, middleware makes everything better :) It just makes
your api that much more modular, since it can be so easily swapped out. The
focus of v0.9.0 will be middleware support on endpoints (it technically
already exists, but I want to provide a clean api for it), and converting
existing functionality to middleware. We can do a quick fix for this in the
meantime.

—
Reply to this email directly or view it on GitHub
#99 (comment)
.

[nooitaf]

+1 :)

[kahmali]

Can anyone test faa77e0 and let me know if it resolves this issue? I still can't think of a way to setup automated tests for CORS, and I don't have an API in place to test this against right now.

All you should need is to have the useDefaultAuth and enableCors API options both set to true (CORS is enabled by default).

[kahmali]

I think I've fixed this issue. I know @jazeee is busy right now. Is anyone else able to test this out and let me know if it works so I can publish it? @AlexFrazer? @nooitaf? I hope to make some major modifications to restivus soon, and I'll have to pull this in without fully testing if it comes to that. All existing tests pass, so at least it doesn't appear to break anything.

Any help is greatly appreciated. Thanks!

[jazeee]

I think the changes look good. I see no issue.

[kahmali]

v0.8.4 has been published with this update