Mailing List Archive

Access-Control-Allow-Origin
Hi

Can anybody tell me to to add an "Access-Control-Allow-Origin" in the
header:

I've tried "$c->response->header('Access-Control-Allow-Origin' => '*');

But I don't see it in the response

--
Kind regards

Theo Bot
Re: Access-Control-Allow-Origin [ In reply to ]
cOn 15 Jun 2018, at 13:54, Theo Bot wrote:
> Can anybody tell me to to add an "Access-Control-Allow-Origin" in the
> header:
>
> I've tried "$c->response->header('Access-Control-Allow-Origin' =>
> '*');

That's how you do it.

> But I don't see it in the response

Is that line of code actually running for the response?

Have you put it on the wrong route by mistake?

Are you putting it on the response for a POST or GET request when the
browser is making a preflight OPTIONS request which isn't being handled
by that?

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: Access-Control-Allow-Origin [ In reply to ]
You can also consider using a Plack middleware:
https://metacpan.org/pod/Plack::Middleware::CrossOrigin

Cheers,
-- Dimi

On Fri, Jun 15, 2018 at 3:07 PM, David Dorward <david@dorward.me.uk> wrote:

> cOn 15 Jun 2018, at 13:54, Theo Bot wrote:
>
>> Can anybody tell me to to add an "Access-Control-Allow-Origin" in the
>> header:
>>
>> I've tried "$c->response->header('Access-Control-Allow-Origin' => '*');
>>
>
> That's how you do it.
>
> But I don't see it in the response
>>
>
> Is that line of code actually running for the response?
>
> Have you put it on the wrong route by mistake?
>
> Are you putting it on the response for a POST or GET request when the
> browser is making a preflight OPTIONS request which isn't being handled by
> that?
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/ca
> talyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
Re: Access-Control-Allow-Origin [ In reply to ]
On Fri, Jun 15, 2018, 15:25 David Dorward <david@dorward.me.uk> wrote:

> cOn 15 Jun 2018, at 13:54, Theo Bot wrote:
> > Can anybody tell me to to add an "Access-Control-Allow-Origin" in the
> > header:
> >
> > I've tried "$c->response->header('Access-Control-Allow-Origin' =>
> > '*');
>
> That's how you do it.
>
> > But I don't see it in the response
>
> Is that line of code actually running for the response? Yes
>
> Have you put it on the wrong route by mistake? ??
>
> Are you putting it on the response for a POST or GET request when the
> browser is making a preflight OPTIONS request which isn't being handled
> by that? An Ajax (jqeury) post request.
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
Re: Access-Control-Allow-Origin [ In reply to ]
David,

It is routed to the default en routine:

sub end :ActionClass('RenderView') {
my($self,$c) = @_;
}

On Fri, Jun 15, 2018 at 3:07 PM, David Dorward <david@dorward.me.uk> wrote:

> cOn 15 Jun 2018, at 13:54, Theo Bot wrote:
>
>> Can anybody tell me to to add an "Access-Control-Allow-Origin" in the
>> header:
>>
>> I've tried "$c->response->header('Access-Control-Allow-Origin' => '*');
>>
>
> That's how you do it.
>
> But I don't see it in the response
>>
>
> Is that line of code actually running for the response?
>
> Have you put it on the wrong route by mistake?
>
> Are you putting it on the response for a POST or GET request when the
> browser is making a preflight OPTIONS request which isn't being handled by
> that?
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/ca
> talyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>



--
Met vriendelijke groet,

Theo Bot
Re: Access-Control-Allow-Origin [ In reply to ]
I use the following code to allow all origins:

$c->response->header('Access-Control-Allow-Origin' =>
$c->req->header('origin'));
$c->response->header('Access-Control-Allow-Methods' =>
'GET,POST,OPTIONS');
$c->response->header('Access-Control-Allow-Headers' =>
'accept,content-type');
$c->response->header('Access-Control-Allow-Credentials' => 'true');

if ($c->req->method eq 'OPTIONS') {
$c->stash(jsonrpc_output => { result => 'CORS Workaround' });
return;
}


On Mon, Jun 18, 2018 at 3:34 AM, Theo Bot <thg.bot@gmail.com> wrote:

> David,
>
> It is routed to the default en routine:
>
> sub end :ActionClass('RenderView') {
> my($self,$c) = @_;
> }
>
> On Fri, Jun 15, 2018 at 3:07 PM, David Dorward <david@dorward.me.uk>
> wrote:
>
>> cOn 15 Jun 2018, at 13:54, Theo Bot wrote:
>>
>>> Can anybody tell me to to add an "Access-Control-Allow-Origin" in the
>>> header:
>>>
>>> I've tried "$c->response->header('Access-Control-Allow-Origin' => '*');
>>>
>>
>> That's how you do it.
>>
>> But I don't see it in the response
>>>
>>
>> Is that line of code actually running for the response?
>>
>> Have you put it on the wrong route by mistake?
>>
>> Are you putting it on the response for a POST or GET request when the
>> browser is making a preflight OPTIONS request which isn't being handled by
>> that?
>>
>> _______________________________________________
>> List: Catalyst@lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive: http://www.mail-archive.com/ca
>> talyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>>
>
>
>
> --
> Met vriendelijke groet,
>
> Theo Bot
>
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/
> catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>


--
João André Simioni
jasimioni@gmail.com
Re: Access-Control-Allow-Origin [ In reply to ]
If you have a front end web server then you can let it handle the CORS for
you and don't worry about it in your app, I've used the approach in
https://awesometoast.com/cors/ with success for apache, I've heard it's
also pretty straightforward for nginx. This way you avoid a full catalyst
request for the preflights.


On Mon, 18 Jun 2018 at 18:06 João André Simioni <jasimioni@gmail.com> wrote:

> I use the following code to allow all origins:
>
> $c->response->header('Access-Control-Allow-Origin' =>
> $c->req->header('origin'));
> $c->response->header('Access-Control-Allow-Methods' =>
> 'GET,POST,OPTIONS');
> $c->response->header('Access-Control-Allow-Headers' =>
> 'accept,content-type');
> $c->response->header('Access-Control-Allow-Credentials' => 'true');
>
> if ($c->req->method eq 'OPTIONS') {
> $c->stash(jsonrpc_output => { result => 'CORS Workaround' });
> return;
> }
>
>
> On Mon, Jun 18, 2018 at 3:34 AM, Theo Bot <thg.bot@gmail.com> wrote:
>
>> David,
>>
>> It is routed to the default en routine:
>>
>> sub end :ActionClass('RenderView') {
>> my($self,$c) = @_;
>> }
>>
>> On Fri, Jun 15, 2018 at 3:07 PM, David Dorward <david@dorward.me.uk>
>> wrote:
>>
>>> cOn 15 Jun 2018, at 13:54, Theo Bot wrote:
>>>
>>>> Can anybody tell me to to add an "Access-Control-Allow-Origin" in the
>>>> header:
>>>>
>>>> I've tried "$c->response->header('Access-Control-Allow-Origin' => '*');
>>>>
>>>
>>> That's how you do it.
>>>
>>> But I don't see it in the response
>>>>
>>>
>>> Is that line of code actually running for the response?
>>>
>>> Have you put it on the wrong route by mistake?
>>>
>>> Are you putting it on the response for a POST or GET request when the
>>> browser is making a preflight OPTIONS request which isn't being handled by
>>> that?
>>>
>>> _______________________________________________
>>> List: Catalyst@lists.scsys.co.uk
>>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>>> Searchable archive:
>>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>>> Dev site: http://dev.catalyst.perl.org/
>>>
>>
>>
>>
>> --
>> Met vriendelijke groet,
>>
>> Theo Bot
>>
>>
>> _______________________________________________
>> List: Catalyst@lists.scsys.co.uk
>> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>> Searchable archive:
>> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>> Dev site: http://dev.catalyst.perl.org/
>>
>>
>
>
> --
> João André Simioni
> jasimioni@gmail.com
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>