Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS and dealing with extra headers for “preflighted” requests #30

Closed
Reinmar opened this issue Jul 6, 2011 · 2 comments
Closed

CORS and dealing with extra headers for “preflighted” requests #30

Reinmar opened this issue Jul 6, 2011 · 2 comments
Assignees
@mcavage

Comments

@Reinmar
Copy link

Reinmar commented Jul 6, 2011

Hi,
I've tried to connect to restify server via browser's XMLHttpRequest. To do that for each request I'm manually adding headers needed by CORS (Access-Control-Allow-(Origin|Methods|Headers)). But I've encountered error with preflighted requests which are handled by restify automatically. For those requests browser sends Content-Type: application/json header but receives no Access-Control-Allow-Headers so it fails.

As a fast hack I've added in server.js:426 line like:
headers['Access-Control-Allow-Headers'] = 'Content-Type';
but of course this is not a god way. Unfortunately it seems there is no other at this time.

IMHO there should be option to set headers globally in options parameter. Because now the only way I've found to deal with CORS is adding headers option in each response.send call. Global server setting will help with this and also with preflighted requests.

I also want to say that we've got in Poland SSJS DevCamp, we've tested a lot of node modules and we've really liked Yours :) Thank You.
@mcavage
Copy link
Contributor

mcavage commented Jul 6, 2011

Agreed. I'll do two things: (1) I'll add Access-Control-Allow-Headers defaults (since I already automatically fill in methods and origin to *) for the sane things you typically need to send, but (2) Allow you to set them (and just change from hardcoding to defaults).

I'm really happy to hear it's working out well for you!

m

@ghost ghost assigned mcavage Jul 6, 2011
mcavage pushed a commit that referenced this issue Jul 6, 2011
GH-30 Support for overriding header manipulation
1af5a2f
@mcavage
Copy link
Contributor

mcavage commented Jul 6, 2011

Ok, this is pushed out in version 0.3.9 (so npm update should get you going). The docs are there, but basically, do this:

restify.createServer({
  headers: {
    'X-Foo': function(res) {
      return 'bar';
    }
  }
});

You get a copy of the current response object after it's had all data and other gimmicks added to it; that's all largely undocumented (the stuff tacked on), but a console.log(require('util').inspect(res)); should get you going :). You can override any of the stuff restify does for you with this. Also, I added access-control-allow-headers defaults, so that may unblock your immediate pressing problem.

@mcavage mcavage closed this as completed Jul 6, 2011
@googletorp googletorp mentioned this issue Jul 21, 2012
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mcavage mcavage

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Reinmar @mcavage