Preflight requests: I want to help. What are your thoughts about it?
DavidBM opened this issue · comments
I can help to implement it, but before I would like to know what are your thoughts or how do you think it should be implemented.
Thanks for the offer!
I didn't give them much thought yet. Is it possible to handle OPTIONS requests to any resource from a middleware? It looks like it should be possible, since in one of my projects iron responds to OPTIONS requests even if I didn't explicitly register an OPTIONS handler in my router.
If that's the case, following this crazy flowchart should be quite straightforward.
I played a bit with Iron and I found the trick. The after middlewares always are executed, independent of the HTTP verb. That means, that is the user adds a route in GET /users/:id, and the browser makes an OPTION /users/:id, the before middleware will be ignored, but the after will be executed.
Ah, interesting. Good to know :)
You can see this implementation as reference: https://github.com/fxbox/iron-cors
@DavidBM do you plan to work on preflight requests in the near future? In that case I'd delay a crates.io release until that has landed.
I just checked that around middlewares execute too when the http verb is not the same as the route. I will try to implement preflight :)
For anyone looking for Iron middleware that allows CORS preflight requests:
extern crate iron;
use iron::{ Iron, Request, Response, IronResult };
use iron::middleware::AfterMiddleware;
use iron::headers::AccessControlAllowOrigin;
struct CorsMiddleware;
impl AfterMiddleware for CorsMiddleware {
fn after(&self, _: &mut Request, mut res: Response) -> IronResult<Response> {
let url = "https://some-domain.com/";
res.headers.set(AccessControlAllowOrigin::Value(url.to_owned()));
res.headers.set_raw("access-control-allow-headers",
vec![b"Content-Type".to_vec()]
);
Ok(res)
}
}
fn main() {
Iron::new(CorsMiddleware)
.http(("0.0.0.0", 3000))
.unwrap();
}
Preflight request are already implemented. I close this ticket!