Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support OPTIONS in routes #387

Closed
seancorfield opened this issue Oct 21, 2015 · 6 comments
Closed

Support OPTIONS in routes #387

seancorfield opened this issue Oct 21, 2015 · 6 comments
Assignees
@seancorfield
Labels
enhancement
Milestone
4.0

Comments

@seancorfield
Copy link
Member

Whilst you can add "$OPTIONS*" = "/main/options" and hand back a canned response for preflight checks, it would be much better to be able to enable this for all routes and actually return the allowed verbs specific to each route as well as be able to specify the headers / credentials stuff.
@seancorfield seancorfield self-assigned this Oct 21, 2015
@seancorfield seancorfield added this to the 3.6 milestone Oct 21, 2015
@seancorfield
Copy link
Member Author

This would also need to be baked into the resource template stuff.

@seancorfield
Copy link
Member Author

Here's a canned-response preflight function just to show what might be returned:

function preflight( rc ) {
    var resp = getPageContext().getResponse();
    resp.setHeader( "Access-Control-Allow-Origin", "*" );
    resp.setHeader( "Access-Control-Allow-Methods", "GET, OPTIONS, POST" );
    resp.setHeader( "Access-Control-Allow-Headers", "Accept,Authorization,Content-Type" );
    resp.setHeader( "Access-Control-Allow-Credentials", "true" );
    resp.setHeader( "Access-Control-Max-Age", "1728000" );
    variables.fw.renderData( "text", "" );
}

Any/all portions of this should be overridable. The methods should reflect what is configured in any matching route (this part is hard since we don't currently track this if the method does not match).

@seancorfield
Copy link
Member Author

I'm thinking that adding a boolean preflightsOptions (default false) than when enabled provides built-in OPTIONS support, and an optionsAccessControl struct (default {}) that lets you specify overrides for origin : "*", methods : "GET, OPTIONS, POST", headers : "Accept,Authorization,Content-Type", credentials : true, maxAge : 1728000 values. The methods value will be used if no specific methods are given in routes.

@seancorfield
Copy link
Member Author

For processRoutes(), I'll need to track the methods in non-matches (where the route itself does match) and accumulate a struct of such things). That might match multiple routes but I don't think the framework can (or should) do anything to restrict that.

seancorfield added a commit that referenced this issue Nov 14, 2015
@seancorfield
First cut of #387
59b2b91 
preflightOptions, optionsAccessControl implemented. Route matching and
non-route matching implemented. Renders data for options requests if
preflightOptions enabled.

Tests present for route matching.

Need to write tests for overall HTTP OPTIONS requests.
seancorfield added a commit that referenced this issue Nov 20, 2015
@seancorfield
Complete #387 by handling credentials and max age
2b1f4d1
@seancorfield
Copy link
Member Author

This has now been integrated into the World Singles code base for more extensive QA internally. If no issues arise, I'll close this out and update the documentation.

seancorfield added a commit that referenced this issue Nov 20, 2015
@seancorfield
Fix #387 by ensuring we don't intercept non-OPTIONS requests
df6707e
seancorfield added a commit that referenced this issue Nov 20, 2015
@seancorfield
Ahem #387 fix syntax error
f77888c
@seancorfield
Copy link
Member Author

Seems to be working appropriately. Closing.

This was referenced Nov 30, 2015
Closed
Closed
webonix added a commit to webonix/fw1 that referenced this issue Dec 1, 2015
@webonix
Update Application.cfc
b0fc38a 
added
preflightsOptions  = 'true',

based on
framework-one#387
This was referenced Dec 1, 2015
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seancorfield seancorfield

Labels
enhancement
Projects
None yet
Milestone
4.0
Development

No branches or pull requests
1 participant
@seancorfield