csantanapr commented on a change in pull request #2327: Update OPTIONS Respones for Web Actions (Review) URL: https://github.com/apache/incubator-openwhisk/pull/2327#discussion_r121764416
########## File path: docs/webactions.md ########## @@ -360,6 +360,47 @@ $ curl -k -H "content-type: application" -X POST -d "Decoded body" https://${API "body": "Decoded body" } ``` +## Options Requests + +By default, an OPTIONS request made to a web action will result in CORS headers being automatically added to the +response headers. These headers allow all origins and the options, get, delete, post, put, head, and patch HTTP verbs. +The headers are shown below: + +``` +Access-Control-Allow-Origin: * +Access-Control-Allow-Methods: OPTIONS, GET, DELETE, POST, PUT, HEAD, PATCH +``` + +Alternatively, OPTIONS requests can be handled manually by a web action. To enable this option add a +`web-custom-options` annotation with a value of `true` to a web action. When this feature is enabled, CORS headers will +not automatically be added to the request response. Instead, it is the developer's responsibility to append his or her +desired headers programmatically. Below is an example of creating custom resposnes to OPTIONS requests. + +``` +function main(params) { + if (params.__ow_method == "options") { + return { + headers: { + 'Access-Control-Allow-Methods': 'OPTIONS, GET' Review comment: Add a second header to the example, maybe overwriting the origin, Then there is no assumption that origin header will be return with '*" and the rest with custom. ``` Access-Control-Allow-Origin: 'example.com' ``` ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
