Hi Rob and all, I'm new to Mojolicious and am trying to take your example and make it work for authentication, but am missing something obvious as I keep getting a 404.
General: 1. Request URL: http://localhost:3002/users/login 2. Request Method: OPTIONS 3. Status Code: 404 Not Found 4. Remote Address: 127.0.0.1:3002 Response headers: 1. HTTP/1.1 404 Not Found Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization Access-Control-Allow-Credentials: true Date: Wed, 20 Apr 2016 21:11:06 GMT Access-Control-Allow-Origin: http://localhost:3000 Access-Control-Allow-Methods: GET, OPTIONS, POST, DELETE, PUT Content-Length: 17915 Access-Control-Max-Age: 1728000 Content-Type: text/html;charset=UTF-8 Server: Mojolicious (Perl) Request headers: 1. OPTIONS /users/login HTTP/1.1 Host: localhost:3002 Connection: keep-alive Access-Control-Request-Method: POST Origin: http://localhost:3000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/ 537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 Access-Control-Request-Headers: accept, authorization, content-type Accept: */* Referer: http://localhost:3000/?adaptor=localhost:3002&api=localhost:8080 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Here's the code: use Mojolicious::Lite; use Mojo::Util 'secure_compare'; options '*' => sub { my $self = shift; my $path = $self->req->url->to_abs->path; say "PATH: $path"; $self->res->headers->header('Access-Control-Allow-Origin' => $self->req->headers->origin); $self->res->headers->header('Access-Control-Allow-Credentials' => 'true'); $self->res->headers->header('Access-Control-Allow-Methods' => 'GET, OPTIONS, POST, DELETE, PUT'); $self->res->headers->header('Access-Control-Allow-Headers' => 'Origin, X-Requested-With, Content-Type, Accept, Authorization'); $self->res->headers->header('Access-Control-Max-Age' => '1728000'); $self->respond_to(any => { $path => '', status => 200 }); }; post '/users/login' => sub { my $c = shift; say "Authentication attempt..."; # Check for username "Bender" and password "rocks" return $c->render(text => 'Hello Bender!') if secure_compare $c->req->url->to_abs->userinfo, 'Bender:rocks'; # Require authentication $c->res->headers->www_authenticate('Basic'); $c->render(text => 'Authentication required!', status => 401); }; app->hook(after_dispatch => sub { my $c = shift; my $headers = $c->req->headers; my $origin = $headers->origin; say "Origin: $origin"; $c->res->headers->header('Access-Control-Allow-Origin' => $origin); }); app->secrets(['My very secret passphrase.']); app->start; Any suggestions? Thanks! Lachlan. On Thursday, April 30, 2015 at 12:02:46 AM UTC+10, Rob Willett wrote: > > All, > > Thanks for all your help. We appear to have overcome the CORS hurdle and > have something that at least is not giving a CORS error in Firefox which is > more than we have had in the last 48 hours. > > It turns out that you do need to send 'Access-Control-Allow-Origin' => '*' > with the POST reply. It also turns out that a lot of the headers I was > sending were not needed. > > For posterity and because somebody else might find it useful, here is the > full source code (that sounds rather grand for a hack), that works for us. > It does nothing useful expect not throw an error. > > #!/usr/bin/perl -w > > use Mojolicious::Lite; > > options '*' => sub { > my $self = shift; > > $self->res->headers->header('Access-Control-Allow-Origin' => '*'); > #$self->res->headers->header('Access-Control-Allow-Credentials' => > 'true'); > #$self->res->headers->header('Access-Control-Allow-Methods' => 'GET, > OPTIONS, POST, DELETE, PUT'); > #$self->res->headers->header('Access-Control-Allow-Headers' => > 'Content-Type'); > #$self->res->headers->header('Access-Control-Max-Age' => '1728000'); > > $self->respond_to(any => { data => '', status => 200 }); > }; > > get '/data' => sub { > my $self = shift; > > print "GET found\n"; > $self->render(text => 'ok'); > }; > > post '/data' => sub { > my $self = shift; > > print "\nPOST 3 found\n"; > $self->render(text => 'POST ok' ); > }; > > app->hook(after_dispatch => sub { > my $c = shift; > $c->res->headers->header('Access-Control-Allow-Origin' => '*'); > }); > > app->secrets(['My very secret passphrase.']); > > app->start; > > Note the commented lines in the options section. We've left them in as > they may become useful. This is something we can build on, we wrote an > awful lot of JavaScript which now needs converting to Perl. > > Thanks again for all the help, hopefully I can do the same back some day. > > Best wishes, > > Rob. > > -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
