Lachlan,

1. Have you read the entire thread rather than the code I posted at the top? I'm mobile at the moment and it's difficult to work out the thread and which code you are using.
2. Take out the authentication and get the code working without it. Then add authentication back in.
3. How are you calling things? If from iOS or Android there are other things with CSP you need to do.

Rob

On Wed, 20 Apr 2016 at 22:39 Lachlan Deck wrote:

> Hi Rob and all,
>
> I'm new to Mojolicious and am trying to take your example and make it work
> for authentication, but am missing something obvious as I keep getting a
> 404.
>
> General:
>
> 1. Request URL: http://localhost:3002/users/login
> 2. Request Method: OPTIONS
> 3. Status Code: 404 Not Found
> 4. Remote Address: 127.0.0.1:3002
>
> Response headers:
>
> 1. HTTP/1.1 404 Not Found
>    Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
>    Access-Control-Allow-Credentials: true
>    Date: Wed, 20 Apr 2016 21:11:06 GMT
>    Access-Control-Allow-Origin: http://localhost:3000
>    Access-Control-Allow-Methods: GET, OPTIONS, POST, DELETE, PUT
>    Content-Length: 17915
>    Access-Control-Max-Age: 1728000
>    Content-Type: text/html;charset=UTF-8
>    Server: Mojolicious (Perl)
>
> Request headers:
>
> 1. OPTIONS /users/login HTTP/1.1
>    Host: localhost:3002
>    Connection: keep-alive
>    Access-Control-Request-Method: POST
>    Origin: http://localhost:3000
>    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36
>    Access-Control-Request-Headers: accept, authorization, content-type
>    Accept: */*
>    Referer: http://localhost:3000/?adaptor=localhost:3002&api=localhost:8080
>    Accept-Encoding: gzip, deflate, sdch
>    Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
>
> Here's the code:
>
> use Mojolicious::Lite;
> use Mojo::Util 'secure_compare';
>
> options '*' => sub {
>   my $self = shift;
>   my $path = $self->req->url->to_abs->path;
>
>   say "PATH: $path";
>
>   $self->res->headers->header('Access-Control-Allow-Origin' => $self->req->headers->origin);
>   $self->res->headers->header('Access-Control-Allow-Credentials' => 'true');
>   $self->res->headers->header('Access-Control-Allow-Methods' => 'GET, OPTIONS, POST, DELETE, PUT');
>   $self->res->headers->header('Access-Control-Allow-Headers' => 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
>   $self->res->headers->header('Access-Control-Max-Age' => '1728000');
>
>   $self->respond_to(any => { $path => '', status => 200 });
> };
>
> post '/users/login' => sub {
>   my $c = shift;
>
>   say "Authentication attempt...";
>
>   # Check for username "Bender" and password "rocks"
>   return $c->render(text => 'Hello Bender!')
>     if secure_compare $c->req->url->to_abs->userinfo, 'Bender:rocks';
>
>   # Require authentication
>   $c->res->headers->www_authenticate('Basic');
>   $c->render(text => 'Authentication required!', status => 401);
> };
>
> app->hook(after_dispatch => sub {
>   my $c = shift;
>   my $headers = $c->req->headers;
>   my $origin = $headers->origin;
>   say "Origin: $origin";
>
>   $c->res->headers->header('Access-Control-Allow-Origin' => $origin);
> });
>
> app->secrets(['My very secret passphrase.']);
> app->start;
>
> Any suggestions?
>
> Thanks!
>
> Lachlan.
>
> On Thursday, April 30, 2015 at 12:02:46 AM UTC+10, Rob Willett wrote:
>>
>> All,
>>
>> Thanks for all your help. We appear to have overcome the CORS hurdle and
>> have something that at least is not giving a CORS error in Firefox which is
>> more than we have had in the last 48 hours.
>>
>> It turns out that you do need to send 'Access-Control-Allow-Origin' =>
>> '*' with the POST reply. It also turns out that a lot of the headers I was
>> sending were not needed.
>>
>> For posterity and because somebody else might find it useful, here is the
>> full source code (that sounds rather grand for a hack), that works for us.
>> It does nothing useful except not throw an error.
>>
>> #!/usr/bin/perl -w
>>
>> use Mojolicious::Lite;
>>
>> options '*' => sub {
>>   my $self = shift;
>>
>>   $self->res->headers->header('Access-Control-Allow-Origin' => '*');
>>   #$self->res->headers->header('Access-Control-Allow-Credentials' => 'true');
>>   #$self->res->headers->header('Access-Control-Allow-Methods' => 'GET, OPTIONS, POST, DELETE, PUT');
>>   #$self->res->headers->header('Access-Control-Allow-Headers' => 'Content-Type');
>>   #$self->res->headers->header('Access-Control-Max-Age' => '1728000');
>>
>>   $self->respond_to(any => { data => '', status => 200 });
>> };
>>
>> get '/data' => sub {
>>   my $self = shift;
>>
>>   print "GET found\n";
>>   $self->render(text => 'ok');
>> };
>>
>> post '/data' => sub {
>>   my $self = shift;
>>
>>   print "\nPOST 3 found\n";
>>   $self->render(text => 'POST ok' );
>> };
>>
>> app->hook(after_dispatch => sub {
>>   my $c = shift;
>>   $c->res->headers->header('Access-Control-Allow-Origin' => '*');
>> });
>>
>> app->secrets(['My very secret passphrase.']);
>>
>> app->start;
>>
>> Note the commented lines in the options section. We've left them in as
>> they may become useful. This is something we can build on, we wrote an
>> awful lot of JavaScript which now needs converting to Perl.
>>
>> Thanks again for all the help, hopefully I can do the same back some day.
>>
>> Best wishes,
>>
>> Rob.
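
Added example, not part of the original thread and not code from either poster: a Mojolicious::Lite sketch of the preflight-plus-Basic-auth setup discussed above, which ends the OPTIONS request with an explicit empty response and sends Access-Control-Allow-Credentials only to an allowlisted origin instead of echoing whatever Origin header arrives. The allowlist contents, the `cors_ok` stash key, the 403 for unknown origins and the 600-second max-age are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use Mojolicious::Lite;
use Mojo::Util 'secure_compare';

# Assumption: the one front-end origin from the request dump in the thread.
my %ALLOWED = map { $_ => 1 } ('http://localhost:3000');

# Runs for every request, so preflight, 200 and 401 replies all carry the
# same CORS headers. Unknown origins get none and the browser blocks them.
hook before_dispatch => sub {
  my $c      = shift;
  my $origin = $c->req->headers->origin // '';
  return unless $ALLOWED{$origin};

  my $h = $c->res->headers;
  $h->header('Access-Control-Allow-Origin'      => $origin);
  $h->header('Access-Control-Allow-Credentials' => 'true');
  $h->append(Vary => 'Origin');    # keep caches from mixing origins
  $c->stash(cors_ok => 1);         # hypothetical stash key for this sketch
};

# Preflight for any path: finish with an explicit status and empty body so
# the renderer never goes looking for a template.
options '/*path' => {path => ''} => sub {
  my $c = shift;
  return $c->rendered(403) unless $c->stash('cors_ok');

  my $h = $c->res->headers;
  $h->header('Access-Control-Allow-Methods' => 'GET, OPTIONS, POST, DELETE, PUT');
  $h->header('Access-Control-Allow-Headers' => 'Content-Type, Accept, Authorization');
  $h->header('Access-Control-Max-Age'       => '600');
  $c->rendered(204);
};

post '/users/login' => sub {
  my $c = shift;

  # Same demo credential check as the code in the thread.
  my $userinfo = $c->req->url->to_abs->userinfo // '';
  return $c->render(text => 'Hello Bender!')
    if secure_compare($userinfo, 'Bender:rocks');

  $c->res->headers->www_authenticate('Basic');
  $c->render(text => 'Authentication required!', status => 401);
};

app->start;
```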
