Brian, Thanks for the comment.
We thought that the OPTIONS command set the permissions up for the rest of the POST command, thats why there's a two-step process. It may well be that the version we had running under node.js did all of this under the covers. We'll plug that in and have a try. Thanks for taking the time to reply. Rob On Wed, Apr 29, 2015 at 1:08 PM, Brian Duggan <[email protected]> wrote: > Hi Rob, > > You'll want to send the CORS headers with requests other than OPTIONS, > e.g. a minimal example to enable it everywhere might be : > > app->hook(after_dispatch => sub { > my $c = shift; > $c->res->headers->header('Access-Control-Allow-Origin' => '*'); > } > > Brian > > On Wednesday, April 29, John wrote: > > I have not ready your entire post so don't know if this will apply in > your > > case: Mojolicious::Plugin::CORS > > > > John > > > > On 04/29/2015 06:44 AM, Rob Willett wrote: > > >Hi, > > > > > >First time poster. > > > > > >We've written an app using jquery, Cordova and were trying too work out > a > > >simple REST server framework to use. Since we had a lot of code already > > >written in JavaScript and using SQLite we thought we'd try express.js > and > > >the sqlite modules there. Whilst simple interactions seem to work, the > > >asynchronous nature and the complete lack of sensible support for SQL > > >transactions, we abandoned that and went back to our other option > > >Mojolicious. > > > > > >I've been reading a lot about Mojlicious and have struggled to find the > > >answer to what I think should be a simple problem. We simply want to > allow > > >anybody to access the Mojlicious web app. Our app will be on our own > > >intranet and we don't want anything in the way. > > > > > >We thought this would be simple but we seem to be struggling with this > and > > >after reading vast quantities of blogs, cpan sections we still cannot > get > > >a simple browser running Firefox to make a simple POST request to a > > >Mojlicious server. We are embarrassed but after two days enough is > enough, > > >we're asking for help. > > > > > >This is the smallest server code we could write. > > > > > >| > > >#!/usr/bin/perl -w > > > > > >use Mojolicious::Lite; > > > > > >options '*' => sub { > > > my $self = shift; > > > > > >$self->res->headers->header('Access-Control-Allow-Origin' => '*'); > > >$self->res->headers->header('Access-Control-Allow-Credentials' => > 'true'); > > >$self->res->headers->header('Access-Control-Allow-Methods' => 'GET, > > >OPTIONS, POST, DELETE, PUT'); > > >$self->res->headers->header('Access-Control-Allow-Headers' => > > >'Content-Type'); > > >$self->res->headers->header('Access-Control-Max-Age' => '1728000'); > > > > > > $self->respond_to(any => { data => '', status => 200 }); > > >}; > > > > > >get '/data' => sub { > > > my $self = shift; > > > > > > print "GET found\n"; > > > $self->render(text => 'ok'); > > >}; > > > > > >post '/data' => sub { > > > my $self = shift; > > > > > > print "\nPOST found\n"; > > > $self->render(text => 'POST ok'); > > >}; > > > > > >app->secrets(['My very secret passphrase.']); > > > > > >app->start; > > >| > > > > > >The code to call it from our app is > > > > > >| > > >$http({ > > > url: "http://localhost:3000/data"; , > > > method: 'POST' , > > > headers: { 'Content-Type': 'application/json' } , > > > data: { payload : payload } > > >}).then(function(response) { > > > // Success > > >ConsoleLog("$http POST success"); > > > } , > > >function(response) { > > >ConsoleLog("$http POST failure"); > > >}); > > >| > > > > > >We know this angular code works calling express.js running on node.js we > > >we had it running, we extracted the JSON data from it and updated > > >databases. > > > > > >If we access this from curl, it works fine. > > > > > >| > > >curl --data "id=123" http://localhost:3000/data > > >| > > > > > >We get 'POST OK' returned. > > > > > >If we access this from a Firefox browser, which we use as a development > > >testing mule, we get > > > > > >| > > >Cross-Origin Request Blocked: The Same Origin Policy disallows reading > the > > >remote resource at http://localhost:3000/data. This can be fixed by > moving > > >the resource to the same domain or enabling CORS. > > >| > > > > > >We can see the OPTIONS method being called from the Network debugger > under > > >Firefox and it returns 200 which is OK. This is followed by a POST > method > > >and that looks OK as it returns 200. If we examine the headers it all > > >'looks ok' but clearly isn't. We can see that the debugging from the > > >Mojlicious server prints out "Post found" which is what we would expect. > > > > > >< > https://lh3.googleusercontent.com/-M5gnpxpeQzI/VUDDNTSXHnI/AAAAAAAAAHE/hgu5HgdWP9Q/s1600/Screen%2BShot%2B2015-04-29%2Bat%2B12.16.00.png > > > > > > > >We're sure this is something simple, but after a very long night and far > > >too much coffee we've no idea what the problem is. > > > > > >Any suggestions welcomed (including pack it all in and take up fishing). > > > > > >Thanks > > > > > >Rob > > > > > > > > >-- > > >You received this message because you are subscribed to the Google > Groups > > >"Mojolicious" group. > > >To unsubscribe from this group and stop receiving emails from it, send > an > > >email to [email protected] > > ><mailto:[email protected]>. > > >To post to this group, send email to [email protected] > > ><mailto:[email protected]>. > > >Visit this group at http://groups.google.com/group/mojolicious. > > >For more options, visit https://groups.google.com/d/optout. > > > > -- > > You received this message because you are subscribed to the Google > Groups "Mojolicious" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected]. > > To post to this group, send email to [email protected]. > > Visit this group at http://groups.google.com/group/mojolicious. > > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Mojolicious" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/mojolicious. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
