Alex, I tried this and some things didn't work. Deep down I'd like to use SecureCors as I feel its the 'right' thing to do.
This one appears to work macpro:~ rwillett$ curl -v -X OPTIONS -H 'Origin: site.tld' -H 'Access-Control-Request-Method: POST' http://127.0.0.1:3000/data * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 3000 (#0) > OPTIONS /data HTTP/1.1 > User-Agent: curl/7.37.1 > Host: 127.0.0.1:3000 > Accept: */* > Origin: site.tld > Access-Control-Request-Method: POST > < HTTP/1.1 204 No Content < Date: Wed, 29 Apr 2015 17:29:45 GMT < Content-Length: 0 < Connection: keep-alive * Server Mojolicious (Perl) is not blacklisted < Server: Mojolicious (Perl) < Content-Type: text/html;charset=UTF-8 < * Connection #0 to host 127.0.0.1 left intact [Wed Apr 29 18:29:27 2015] [debug] OPTIONS "/data" [Wed Apr 29 18:29:27 2015] [debug] Routing to a callback [Wed Apr 29 18:29:27 2015] [debug] 204 No Content (0.000504s, 1984.127/s) [Wed Apr 29 18:29:45 2015] [debug] OPTIONS "/data" [Wed Apr 29 18:29:45 2015] [debug] Routing to a callback [Wed Apr 29 18:29:45 2015] [debug] 204 No Content (0.000465s, 2150.538/s) This one fails curl -v -H 'Origin: site.tld' --data "id=123" http://localhost:3000/data [Wed Apr 29 18:31:17 2015] [debug] POST "/data" [Wed Apr 29 18:31:17 2015] [debug] Template "not_found.development.html.ep" not found [Wed Apr 29 18:31:17 2015] [debug] Template "not_found.html.ep" not found [Wed Apr 29 18:31:17 2015] [debug] Rendering cached inline template "fd403ab55a4c875e35b42428816134c7" [Wed Apr 29 18:31:17 2015] [debug] Rendering cached inline template "dd85456cf9f44e1e43bebae130a7f9df" [Wed Apr 29 18:31:17 2015] [debug] 404 Not Found (0.004456s, 224.417/s) as does this one curl -v -H 'Origin: site.tld' http://localhost:3000/data [Wed Apr 29 18:32:11 2015] [debug] GET "/data" [Wed Apr 29 18:32:11 2015] [debug] Template "not_found.development.html.ep" not found [Wed Apr 29 18:32:11 2015] [debug] Template "not_found.html.ep" not found [Wed Apr 29 18:32:11 2015] [debug] Rendering cached inline template "fd403ab55a4c875e35b42428816134c7" [Wed Apr 29 18:32:11 2015] [debug] Rendering cached inline template "dd85456cf9f44e1e43bebae130a7f9df" [Wed Apr 29 18:32:11 2015] [debug] 404 Not Found (0.004497s, 222.370/s) Both the last two command return an error web page as well. Should the SecureCors need a use command? Rob. On Wednesday, 29 April 2015 16:29:13 UTC+1, Alex Efros wrote: > > Hi! > > On Wed, Apr 29, 2015 at 01:01:57PM +0100, Rob Willett wrote: > > We also tried the SecureCors version. > > This should work: > > ---cut--- > #!/usr/bin/perl -w > > use Mojolicious::Lite; > > plugin 'SecureCORS', { max_age => 1728000 }; > > app->routes->cors('/data'); > > under '/data' => { > 'cors.origin' => '*', > 'cors.headers' => 'Content-Type', > }; > > get '/' => sub { > my $self = shift; > > print "GET found\n"; > $self->render(text => 'ok'); > }; > > post '/' => sub { > my $self = shift; > > print "\nPOST found\n"; > $self->render(text => 'POST ok'); > }; > > app->secrets(['My very secret passphrase.']); > > app->start; > ---cut--- > > Test it with: > > curl -v -X OPTIONS -H 'Origin: site.tld' -H > 'Access-Control-Request-Method: POST' http://localhost:3000/data > curl -v -H 'Origin: site.tld' --data "id=123" http://localhost:3000/data > curl -v -H 'Origin: site.tld' http://localhost:3000/data > > -- > WBR, Alex. > -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
