martini-contrib / cors Goto Github PK

OPTIONS requests ask for a set of headers to be sent with a 200 OK code. This error code is not set by the middleware, so routing continue through the other middlewares and handlers, resulting in incorrect behavior.

For instance, if doing a Basic Auth check right after the CORS check, an OPTIONS request will get 401 Unauthorized error code thus won't perform the call.

My solution is currently to add a catch-all for OPTIONS (see snipet below) with an empty handler, which will result in the correct error code being sent back (instead of 401, 404, etc).

m := martini.New()

m.Use(cors.Allow(&cors.Options{
    AllowAllOrigins: true,
    AllowMethods: []string{"GET"},
}))

r := martini.NewRouter()
r.Options("/**", func() { return })

// Other handlers

m.Action(r.Handle)

http.ListenAndServe(":"+strconv.Itoa(c.Port), m)

Why is the CORS middleware not working for me? I am absolutely stumped.

I'm trying to connect an Angular up up to my REST API. I've written this much smaller app which should just return POST

func App() *martini.ClassicMartini {
    m := martini.Classic()
    m.Use(render.Renderer())

    options := &cors.Options{
        AllowAllOrigins: true,
        AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE"},
    }
    m.Use(cors.Allow(options))

    m.Group("/visitor", func(r martini.Router) {
        r.Get("/:id", Get)
        r.Get("", All)
        r.Post("/:id", Post)
        r.Put("/:id", Put)
        r.Options("/**", func() { return })
    })

    return m
}

func Post(params martini.Params) string {
    fmt.Println(params)
    return "POST"
}

func main() {
    m := App()
    listen := fmt.Sprintf("%s:%d", "localhost", 3000)
    fmt.Printf("Simple listening on %s\n", listen)
    log.Fatal(http.ListenAndServe(listen, m))
}

The examples provided demonstrate using cors.Allow() in the Martini middleware stack.

In my case I am working on a router service which has a single handler as middleware and passes off the various actions in a procedural manner.

Is it valid to do the following inside my handler:

doCors := cors.Allow(&cors.Options{
    AllowOrigins:     permittedDomains,
})

doCors(response, request)

I've left out any additional logic.

Many thanks,
Ian

Martini has moved to the go-martini github org. Make sure this package uses the new martini import path.

The wercker status has been showing the 'fail' state for quite some time now. I guess it was because of some machine error than an actual test failure. @rakyll can you rebuild it so that it won't deter any new visitors.