Hi Rob,
My understanding is that if the user-agent sends OPTIONS (which it must
do only for a non-GET/HEAD/POST), then you go down this path :
http://www.w3.org/TR/cors/#cross-origin-request-with-preflight
which still reaches the "resource sharing check" :
http://www.w3.org/TR/cors/#resource-sharing-check
which starts out:
If the response includes zero or more than one
Access-Control-Allow-Origin header values, return fail and terminate
this algorithm.
Brian
On Wednesday, April 29, Rob Willett wrote:
> Brian,
>
> Thanks for the comment.
>
> We thought that the OPTIONS command set the permissions up for the rest of
> the POST command, that's why there's a two-step process. It may well be that
> the version we had running under node.js did all of this under the covers.
>
> We'll plug that in and have a try.
>
> Thanks for taking the time to reply.
>
> Rob
>
> On Wed, Apr 29, 2015 at 1:08 PM, Brian Duggan <[email protected]> wrote:
>
> > Hi Rob,
> >
> > You'll want to send the CORS headers with requests other than OPTIONS,
> > e.g. a minimal example to enable it everywhere might be :
> >
> > app->hook(after_dispatch => sub {
> >     my $c = shift;
> >     $c->res->headers->header('Access-Control-Allow-Origin' => '*');
> > });
> >
> > Brian
> >
> > On Wednesday, April 29, John wrote:
> > > I have not read your entire post so don't know if this will apply in your
> > > case: Mojolicious::Plugin::CORS
> > >
> > > John
> > >
> > > On 04/29/2015 06:44 AM, Rob Willett wrote:
> > > >Hi,
> > > >
> > > >First time poster.
> > > >
> > > >We've written an app using jquery, Cordova and were trying to work out a
> > > >simple REST server framework to use. Since we had a lot of code already
> > > >written in JavaScript and using SQLite we thought we'd try express.js and
> > > >the sqlite modules there. Whilst simple interactions seem to work, the
> > > >asynchronous nature and the complete lack of sensible support for SQL
> > > >transactions, we abandoned that and went back to our other option
> > > >Mojolicious.
> > > >
> > > >I've been reading a lot about Mojolicious and have struggled to find the
> > > >answer to what I think should be a simple problem. We simply want to allow
> > > >anybody to access the Mojolicious web app. Our app will be on our own
> > > >intranet and we don't want anything in the way.
> > > >
> > > >We thought this would be simple but we seem to be struggling with this and
> > > >after reading vast quantities of blogs, cpan sections we still cannot get
> > > >a simple browser running Firefox to make a simple POST request to a
> > > >Mojolicious server. We are embarrassed but after two days enough is enough,
> > > >we're asking for help.
> > > >
> > > >This is the smallest server code we could write.
> > > >
> > > >|
> > > >#!/usr/bin/perl -w
> > > >
> > > >use Mojolicious::Lite;
> > > >
> > > >options '*' => sub {
> > > > my $self = shift;
> > > >
> > > > $self->res->headers->header('Access-Control-Allow-Origin' => '*');
> > > > $self->res->headers->header('Access-Control-Allow-Credentials' => 'true');
> > > > $self->res->headers->header('Access-Control-Allow-Methods' => 'GET, OPTIONS, POST, DELETE, PUT');
> > > > $self->res->headers->header('Access-Control-Allow-Headers' => 'Content-Type');
> > > > $self->res->headers->header('Access-Control-Max-Age' => '1728000');
> > > >
> > > > $self->respond_to(any => { data => '', status => 200 });
> > > >};
> > > >
> > > >get '/data' => sub {
> > > > my $self = shift;
> > > >
> > > > print "GET found\n";
> > > > $self->render(text => 'ok');
> > > >};
> > > >
> > > >post '/data' => sub {
> > > > my $self = shift;
> > > >
> > > > print "\nPOST found\n";
> > > > $self->render(text => 'POST ok');
> > > >};
> > > >
> > > >app->secrets(['My very secret passphrase.']);
> > > >
> > > >app->start;
> > > >|
> > > >
> > > >The code to call it from our app is
> > > >
> > > >|
> > > >$http({
> > > > url: "http://localhost:3000/data" ,
> > > > method: 'POST' ,
> > > > headers: { 'Content-Type': 'application/json' } ,
> > > > data: { payload : payload }
> > > >}).then(function(response) {
> > > > // Success
> > > >ConsoleLog("$http POST success");
> > > > } ,
> > > >function(response) {
> > > >ConsoleLog("$http POST failure");
> > > >});
> > > >|
> > > >
> > > >We know this angular code works calling express.js running on node.js; we
> > > >had it running, we extracted the JSON data from it and updated
> > > >databases.
> > > >
> > > >If we access this from curl, it works fine.
> > > >
> > > >|
> > > >curl --data "id=123" http://localhost:3000/data
> > > >|
> > > >
> > > >We get 'POST OK' returned.
> > > >
> > > >If we access this from a Firefox browser, which we use as a development
> > > >testing mule, we get
> > > >
> > > >|
> > > >Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
> > > >remote resource at http://localhost:3000/data. This can be fixed by moving
> > > >the resource to the same domain or enabling CORS.
> > > >|
> > > >
> > > >We can see the OPTIONS method being called from the Network debugger under
> > > >Firefox and it returns 200 which is OK. This is followed by a POST method
> > > >and that looks OK as it returns 200. If we examine the headers it all
> > > >'looks ok' but clearly isn't. We can see that the debugging from the
> > > >Mojolicious server prints out "Post found" which is what we would expect.
> > > >
> > > ><https://lh3.googleusercontent.com/-M5gnpxpeQzI/VUDDNTSXHnI/AAAAAAAAAHE/hgu5HgdWP9Q/s1600/Screen%2BShot%2B2015-04-29%2Bat%2B12.16.00.png>
> > > >
> > > >We're sure this is something simple, but after a very long night and far
> > > >too much coffee we've no idea what the problem is.
> > > >
> > > >Any suggestions welcomed (including pack it all in and take up fishing).
> > > >
> > > >Thanks
> > > >
> > > >Rob
> > > >
> > > >
> > > >--
> > > >You received this message because you are subscribed to the Google Groups
> > > >"Mojolicious" group.
> > > >To unsubscribe from this group and stop receiving emails from it, send an
> > > >email to [email protected]
> > > ><mailto:[email protected]>.
> > > >To post to this group, send email to [email protected]
> > > ><mailto:[email protected]>.
> > > >Visit this group at http://groups.google.com/group/mojolicious.
> > > >For more options, visit https://groups.google.com/d/optout.
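
The two-step behaviour discussed in this thread, as an added example that is not part of the original messages: a JavaScript model of the W3C CORS resource sharing check, applied to both the preflight response and the actual POST response. The header lists, the page origin `http://localhost:8000` and the helper names are constructed for illustration; the preflight's method and header checks are not modelled.

```javascript
// Added example: the "resource sharing check" from the W3C CORS spec, run on
// constructed responses. Headers are [name, value] pairs (illustrative data).
function headerValues(headers, name) {
  return headers
    .filter(([n]) => n.toLowerCase() === name.toLowerCase())
    .map(([, v]) => v);
}

function resourceSharingCheck(headers, origin, omitCredentials) {
  const acao = headerValues(headers, 'Access-Control-Allow-Origin');
  if (acao.length !== 1) return 'fail';           // zero or more than one value
  if (acao[0] === '*' && omitCredentials) return 'pass';
  if (acao[0] !== origin) return 'fail';          // case-sensitive match
  if (!omitCredentials) {
    const acac = headerValues(headers, 'Access-Control-Allow-Credentials');
    if (acac.length !== 1 || acac[0] !== 'true') return 'fail';
  }
  return 'pass';
}

// The browser applies the check to the preflight response and, if that passes,
// again to the response of the actual request.
function preflightedPost(server, origin, omitCredentials = true) {
  const preflight = resourceSharingCheck(server.OPTIONS, origin, omitCredentials);
  if (preflight === 'fail') return { preflight, actual: 'not sent' };
  const actual = resourceSharingCheck(server.POST, origin, omitCredentials);
  return { preflight, actual };
}

// Constructed responses modelled on the thread.
const ORIGIN = 'http://localhost:8000';           // assumed page origin
const optionsHeaders = [
  ['Access-Control-Allow-Origin', '*'],
  ['Access-Control-Allow-Credentials', 'true'],
  ['Access-Control-Allow-Methods', 'GET, OPTIONS, POST, DELETE, PUT'],
  ['Access-Control-Allow-Headers', 'Content-Type'],
  ['Access-Control-Max-Age', '1728000'],
];
const plainPost = [['Content-Type', 'text/html;charset=UTF-8']];
const asPosted = { OPTIONS: optionsHeaders, POST: plainPost };
const withHook = {
  OPTIONS: optionsHeaders,
  POST: [...plainPost, ['Access-Control-Allow-Origin', '*']],
};

console.log(preflightedPost(asPosted, ORIGIN));        // headers only on OPTIONS
console.log(preflightedPost(withHook, ORIGIN));        // header on every response
console.log(preflightedPost(withHook, ORIGIN, false)); // credentialed request
```

The third call shows that a wildcard `Access-Control-Allow-Origin` does not pass the check for a request sent with credentials, even with `Access-Control-Allow-Credentials: true`. A server that needs credentialed cross-origin requests has to return the specific requesting origin, ideally after matching it against an allowlist.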