CORS integration #78

Open
bsjung opened this issue Feb 1, 2020 · 2 comments
bsjung commented Feb 1, 2020

I needed CORS support for my project.
Thus I've made an experimental Start web framework.

All code is at https://github.com/bsjung/start_examples/blob/master/jwt/server/server.dart.

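First, I added a "cors" option to start().

```dart
import 'package:logging/logging.dart';
import 'package:start/start.dart';

void main() {
  Logger.root.level = Level.ALL;
  Logger.root.onRecord.listen((rec) {
    print('${rec.level.name}: ${rec.time}: ${rec.message}');
  });

  start(port: 3000, cors: true).then((Server app) {
    // Routes are registered here; see the linked server.dart.
  });
}
```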


And I've added addCorsHeaders with options from start().

```dart
import 'dart:io';

// Adds the same permissive CORS headers to every response.
void addCorsHeaders(HttpResponse response) {
  response.headers.add('Access-Control-Allow-Origin', '*');
  response.headers.add('Access-Control-Allow-Methods', 'GET,HEAD,PUT,PATCH,POST,DELETE');
  response.headers.add('Access-Control-Allow-Headers',
      'access-control-allow-origin,content-type,x-access-token');
}
```


Experimental Start web framework is at https://github.com/bsjung/start.
JWT example using CORS options is at https://github.com/bsjung/start_examples/blob/master/jwt/server.

Benjamin Jung ( bsjung@gmail.com )

lvivski (Owner) commented Feb 1, 2020

Cross-origin request headers are absolutely important when you're building an API. However, I don't think that it's useful to set it to * for all requests by default. You may easily introduce unnecessary security issues by doing that. It's more useful to have those headers added for each endpoint independently, when needed. Additionally, it's important to allow users to have more control over what headers are exposed and what verbs are allowed.
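
The per-endpoint approach described in the reply above, as an added example that is not part of the thread or of Start's code. It uses only dart:io; the CorsPolicy class, the /api/profile route and the https://app.example.com origin are assumptions made for illustration.

```dart
import 'dart:io';

/// Per-endpoint CORS policy (hypothetical helper, not part of Start).
class CorsPolicy {
  final Set<String> origins; // exact origins allowed to read responses
  final List<String> methods; // verbs this endpoint accepts cross-origin
  final List<String> headers; // request headers the client may send
  const CorsPolicy(this.origins, this.methods, this.headers);

  /// Returns the CORS headers for a request Origin, or an empty map when
  /// the origin is missing or not on the allowlist.
  Map<String, String> headersFor(String? origin, {bool preflight = false}) {
    if (origin == null || !origins.contains(origin)) return const {};
    return {
      'Access-Control-Allow-Origin': origin, // echo one origin, never '*'
      'Vary': 'Origin', // caches must key on the Origin header
      if (preflight) 'Access-Control-Allow-Methods': methods.join(','),
      if (preflight) 'Access-Control-Allow-Headers': headers.join(','),
    };
  }
}

// Constructed sample: only the token-protected route opts in to CORS.
const policies = {
  '/api/profile': CorsPolicy({'https://app.example.com'}, ['GET', 'PUT'],
      ['content-type', 'x-access-token']),
};

Future<void> main() async {
  final server = await HttpServer.bind(InternetAddress.loopbackIPv4, 3000);
  await for (final req in server) {
    final res = req.response;
    final policy = policies[req.uri.path];
    final preflight = req.method == 'OPTIONS';
    // Routes without a policy get no CORS headers, so browsers keep
    // enforcing the same-origin policy for them.
    policy
        ?.headersFor(req.headers.value('origin'), preflight: preflight)
        .forEach(res.headers.set);
    if (preflight) {
      res.statusCode = HttpStatus.noContent;
    } else if (policy == null) {
      res.statusCode = HttpStatus.notFound;
    } else {
      res.write('{"ok":true}');
    }
    await res.close();
  }
}
```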

bsjung (Author) commented Feb 1, 2020

OK. I think so. I've tested it for my project.
At first, I tried the plugin approach, but it takes more time.
Thus, I experimented with the Start framework, which was easy.

I agree with you that it is important to give users more control over CORS.
Thus, I have to invest more in CORS with the plug-in approach.

Thanks a lot.

Benjamin Jung ( bsjung@gmail.com )
