const mixinafBedSheet::CorsHandler

afBedSheet::CorsHandler

Cross Origin Resource Sharing (CORS) is a strategy for browsers to overcome the limitations of cross domain scripting. The handshake is done via http headers:

  1. The browser sets CORS specific http headers in the request
  2. The server inspects the headers and sets its own http headers in the response
  3. The browser asserts the resonse headers

On the browser side, most of the header setting and checking is done automatically by XMLHttpRequest. On the server side, contribute the following routes to the paths that will service the ajax requests:

@Contribute { serviceType=Routes# }
static Void contributeRoutes(OrderedConfig conf) {

  simpleRoute    := Route(`<simple-path>`,    CorsHandler#serviceSimple,    "GET POST")
  preflightRoute := Route(`<preflight-path>`, CorsHandler#servicePrefilght, "OPTIONS")

  conf.add("corsSimple",    simpleRoute,    ["before: routes"])
  conf.add("corsPreflight", preflightRoute, ["before: routes"])

}

And set the following config values:

@see the following for specifics:

servicePrefilght

Source

abstract Bool servicePrefilght(Uri uri := ``)

Map to an OPTIONS http method to service complex CORS preflight reqs. Returns true because the real request should follow with a different http method. Uri not used.

serviceSimple

Source

abstract Bool serviceSimple(Uri uri := ``)

Sets response headers if the request a simple CORS request. Returns false. Uri not used.