Issue with CORS for specific domain


#1

First, thanks for the help so far with CORS.

When setting config.cors = true everything works as expected.

  1. The preflight OPTIONS request succeeds unauthenticated and Access-Control-Allow-Origin: ‘*’ is returned in the response headers

  2. The GET/POST/PUT/DELETE also returns Access-Control-Allow-Origin: ‘*’ as a header value…allowing the browser to accept the response.

Unfortunately the above scenario seems to be the only one where CORS is successful.

If I set config.cors to any value other than true what happens is:

  1. The preflight OPTIONS request succeeds unauthenticated and Access-Control-Allow-Origin is returned in the headers with the value in the configuration for config.cors
    e.g. if config.cors = ‘http://www.example.com’ is configured, Access-Control-Allow-Origin: ‘http://www.example.com’ is returned in the response headers…the same goes for config.cors = ‘*’ - in this case Access-Control-Allow-Origin: ‘*’ is in the OPTIONS response headers as expected.

  2. The GET/POST/PUT/DELETE DOES NOT CONTAIN Access-Control-Allow-Origin as a response header value…so even though we get a 200/201 back on this call, the browser rejects.
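
Added example, not part of the original post and not Jets code: a Ruby check that audits captured responses against the Access-Control-Allow-Origin value the post describes for each config.cors setting, so a preflight-only header or an unexpected wildcard shows up as a finding. The function names and the sample exchanges are constructed for illustration.

```ruby
# Added example, not Jets code: audit captured responses for the CORS
# header that a given config.cors value should produce on every method.

# Expected Access-Control-Allow-Origin for a config.cors value, following the
# behaviour described in the post (true => "*", a string => that string).
def expected_allow_origin(cors_setting)
  case cors_setting
  when true then "*"
  when String then cors_setting
  else nil # CORS not configured: no header expected
  end
end

# Header names are case-insensitive, so normalise before lookup.
def header(headers, name)
  pair = headers.find { |k, _| k.to_s.downcase == name.downcase }
  pair && pair[1]
end

# Returns one finding per exchange whose Access-Control-Allow-Origin differs
# from the expected value. exchanges: [{ method:, path:, headers: }, ...]
def audit_cors(cors_setting, exchanges)
  expected = expected_allow_origin(cors_setting)
  exchanges.each_with_object([]) do |ex, findings|
    actual = header(ex[:headers], "Access-Control-Allow-Origin")
    next if actual == expected
    findings << { method: ex[:method], path: ex[:path], expected: expected, actual: actual }
  end
end

# Constructed sample: the pattern reported above for a specific origin
# (header present on the preflight, absent on the actual requests).
SAMPLE = [
  { method: "OPTIONS", path: "/posts", headers: { "access-control-allow-origin" => "http://www.example.com" } },
  { method: "GET",     path: "/posts", headers: { "Content-Type" => "application/json" } },
  { method: "POST",    path: "/posts", headers: { "Content-Type" => "application/json" } },
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_cors("http://www.example.com", SAMPLE).each do |f|
    puts "#{f[:method]} #{f[:path]}: expected #{f[:expected].inspect}, got #{f[:actual].inspect}"
  end
end
```

A wildcard returned where a specific origin is configured is also reported, since that is broader than the setting intends.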


#2

@balutbomber Fixed in https://github.com/tongueroo/jets/pull/176 Released in v1.6.6. Hope it works now. Thanks for reporting it!


#3

Thanks @tung. I should ask if you would prefer I open issues in GitHub rather than through here? I come here really with the assumption that I am most likely doing something wrong.

On a related note…please tell me to go read the manual if it is in there, though I don’t recall seeing it…is it possible to set custom response headers at the controller level?


#4

I should ask if you would prefer I open issues in github rather than through here? I come here really with the assumption that I am most likely doing something wrong.

Np. Sure, prefer issues when they have all the info required: reproducibility, code samples, etc. Trying to keep the GitHub issues signal-to-noise ratio high. The info gathering is so helpful to fix things quickly. For questions, think these community forums are better since usually not all the info is gathered yet.

RE: is it possible to set custom response headers at the controller level?

All good. Here are examples of how to set a response header.