dbrgn / iron-cors-rs Goto Github PK
View Code? Open in Web Editor NEWA CORS Middleware implementation for Iron.
License: Other
A CORS Middleware implementation for Iron.
License: Other
If the wrapped handler returns an error the cors headers are not set at all, leading to the ui being unable to obtain the reason for the failure if one was set in the body. This makes it impossible to use after middleware to handle error messages gracefully without having to worry about the cors headers.
I would expect the headers to be set on every request in spite of any errors encountered. This way the headers are set and ready for remaining middleware to respond to the client correctly.
Hello,
I have a small project with a BeforeMiddleware
handling authentication, as advocated by https://docs.rs/iron/0.6.0/iron/middleware/index.html#middleware.
I need my API to be CORS friendly, so I used this library.
As CorsMiddleWare
is implemented as an AroundMiddleWare
, the problem is that my routes are failing authentication before having a chance to reach CorsMiddleware
.
I plan to adapt the codebase to switch CorsMiddleware
to a BeforeMiddleware
.
If I'm doing something wrong or you have questions please tell me in this thread.
If you're interested in a pull request, I'll gladly make it. (If I continue with this idea)
Docs:
The boolean flag specifies whether requests without an Origin header should be rejected or not.
That's a bit confusing.
Hello,
I have a web application in angular that access multiple apis using cookies as credentials
The Browser refuses to send cookies if Access-Control-Allow-Credentials isn't setted.
Do you intent offer this support in this library?
If yes, I'll open a pull request.
I can help to implement it, but before I would like to know what are your thoughts or how do you think it should be implemented.
When the domain is the same as the webpage was loaded, the browser doesn't send the origin header.
For example, when I launch a server in localhost and with cors like ["localhost:3000"]
the middleware doesn't allow the request because the browser is not sending the cors.
That will apply to if I have a webpage that is using some subroute as api endpoint (can be done with nginx).
Anyway, that should be configurable for be able to express "My domain and this other domains".
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.