const mixin afBedSheet::CorsHandler
afBedSheet::CorsHandler
Cross Origin Resource Sharing (CORS) is a strategy for browsers to overcome the limitations of cross domain scripting. The handshake is done via http headers:
- The browser sets CORS specific http headers in the request
- The server inspects the headers and sets its own http headers in the response
- The browser asserts the response headers
On the browser side, most of the header setting and checking is done automatically by XMLHttpRequest. On the server side, contribute the following routes to the paths that will service the ajax requests:

    @Contribute { serviceType=Routes# }
    static Void contributeRoutes(OrderedConfig conf) {
        // simple CORS requests (GET / POST)
        simpleRoute    := Route(`<simple-path>`,    CorsHandler#serviceSimple,    "GET POST")
        // preflight requests arrive as OPTIONS
        preflightRoute := Route(`<preflight-path>`, CorsHandler#servicePrefilght, "OPTIONS")

        // register both ahead of the application's own routes
        conf.add("corsSimple",    simpleRoute,    ["before: routes"])
        conf.add("corsPreflight", preflightRoute, ["before: routes"])
    }

And set the following config values:
- ConfigIds.corsAllowedOrigins
- ConfigIds.corsAllowCredentials
- ConfigIds.corsExposeHeaders
- ConfigIds.corsAllowedMethods
- ConfigIds.corsAllowedHeaders
- ConfigIds.corsMaxAge
@see the following for specifics:
- servicePrefilght
abstract Bool servicePrefilght(Uri uri := ``)
Map to an OPTIONS http method to service complex CORS preflight requests. Returns true because the real request should follow with a different http method. Uri not used.
- serviceSimple
abstract Bool serviceSimple(Uri uri := ``)
Sets response headers if the request is a simple CORS request. Returns false. Uri not used.
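The server half of the handshake described above, as an added JavaScript example; it is not afBedSheet's code. The function names, the config field names (which only mirror the ConfigIds listed above) and the sample origin are assumptions of this example.

```javascript
// Hypothetical config; field names mirror the ConfigIds, values are constructed.
const config = {
  allowedOrigins: ["https://app.example.com"],
  allowCredentials: true,
  exposeHeaders: ["X-Request-Id"],
  allowedMethods: ["GET", "POST"],
  allowedHeaders: ["content-type", "x-csrf-token"],
  maxAge: 600,
};

// Exact-match the Origin against the allow list; never reflect it blindly.
function originHeaders(cfg, origin) {
  if (!origin) return null;                        // not a CORS request
  const wildcard = cfg.allowedOrigins.includes("*");
  if (!wildcard && !cfg.allowedOrigins.includes(origin)) return null;
  // "*" is not valid together with credentials, so refuse that combination.
  if (wildcard && cfg.allowCredentials) return null;
  const h = { "Access-Control-Allow-Origin": wildcard ? "*" : origin };
  if (!wildcard) h["Vary"] = "Origin";             // keep caches from mixing origins
  if (cfg.allowCredentials) h["Access-Control-Allow-Credentials"] = "true";
  return h;
}

// Simple request (GET/POST): returns the headers to add, or {} to add none.
function serviceSimple(cfg, req) {
  const h = originHeaders(cfg, req.headers["origin"]);
  if (!h) return {};
  if (cfg.exposeHeaders.length) {
    h["Access-Control-Expose-Headers"] = cfg.exposeHeaders.join(", ");
  }
  return h;
}

// Preflight (OPTIONS): the requested method and every requested header must be allowed.
function servicePreflight(cfg, req) {
  const h = originHeaders(cfg, req.headers["origin"]);
  const method = req.headers["access-control-request-method"];
  if (!h || !method || !cfg.allowedMethods.includes(method)) return {};
  const asked = (req.headers["access-control-request-headers"] || "")
    .split(",").map(s => s.trim().toLowerCase()).filter(Boolean);
  if (!asked.every(name => cfg.allowedHeaders.includes(name))) return {};
  h["Access-Control-Allow-Methods"] = cfg.allowedMethods.join(", ");
  if (asked.length) h["Access-Control-Allow-Headers"] = asked.join(", ");
  h["Access-Control-Max-Age"] = String(cfg.maxAge);
  return h;
}
```

An empty result means no CORS headers are sent, so the browser's own check of the response blocks the cross-origin read.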