[Question] Is it possible to add CORS configuration for authorized failed response?

[hhashoww]

Hello,

I'm trying to implement the authorization logic in my project,
I face a CORS problem when I get the Unauthorized (401) response from the oatpp server

I know there is a macro ADD_CORS that can handle the CORS problem at each END POINT
but Is it possible to add CORS configuration in my authorize callback function?

class BearerAuthorizationObject : public oatpp::web::server::handler::AuthorizationObject {
 public:
  // oatpp::String user;
  // oatpp::String password;
  oatpp::String token;
};

class MyBearerAuthorizationHandler : public oatpp::web::server::handler::BearerAuthorizationHandler {
 public:
  MyBearerAuthorizationHandler() : oatpp::web::server::handler::BearerAuthorizationHandler("my-realm") {}

  std::shared_ptr<AuthorizationObject> authorize(const oatpp::String& token) override {

    if (token == "4e99e8c12de7e01535248d2bac85e732") {
      auto obj = std::make_shared<BearerAuthorizationObject>();
      obj->user = "foo";
      obj->password = "bar";
      obj->token = token;
      return obj;
    }

    return nullptr;
  }
};

[lganzzzo]

Hello @hhashoww ,

This project implements this.
Please look here - https://github.com/oatpp/example-jwt/blob/master/src/AppComponent.hpp#L68

Make sure to add interceptors in the same order:

    auto connectionHandler = oatpp::web::server::HttpConnectionHandler::createShared(router);

    connectionHandler->setErrorHandler(std::make_shared<ErrorHandler>(objectMapper));

    connectionHandler->addRequestInterceptor(std::make_shared<oatpp::web::server::interceptor::AllowOptionsGlobal>());
    connectionHandler->addRequestInterceptor(std::make_shared<AuthInterceptor>(jwt));

    connectionHandler->addResponseInterceptor(std::make_shared<oatpp::web::server::interceptor::AllowCorsGlobal>());

AllowOptionsGlobal Request Interceptor must go before AuthInterceptor.
And don't forget to add AllowCorsGlobal Response Interceptor.

[hhashoww]

Hi @lganzzzo,

I do really appreciate your help and I'd give it a try.
If any progress has been made, I'll share the result here 👍

[hhashoww]

I can't integrate the example to my project, my application is built on Windows 10

And I'm not familiar with jwt-cpp, but I think the default "jwt.h" should provide the jwt::picojson_traits?
so I copy the basic files in the jwt-cpp library to my project folder

jwt-cpp/
├─ jwt.h
├─ base.h
├─ traits/
│  ├─ kazuho-picojson/
│  │  ├─ traits.h
│  │  ├─ defaults.h

But the compiled result is failed

:(

[lganzzzo]

Hello @hhashoww ,

I'm not sure what is your question about:)?
The original question was about CORS - for this you don't need to integrate anything - just add CORS interceptors.

[hhashoww]

Hello @lganzzzo

I think the remaining problem of the integration is out of the scope
I'll close the issue :)

Thanks again for your help