Hi Rob,
got it working.
Yes, I had read the whole thread. I had wrongly assumed that the options
response (data => ‘’) was related to the get /data path.
Stripping authentication, as you suggested, to get it working first was
certainly helpful.
For posterity, here’s the working example:
#!/usr/bin/perl -w
use Mojolicious::Lite;
use Mojo::Util 'secure_compare';
options '*' => sub {
my $c = shift;
my $origin = $c->req->headers->origin;
say "OPTION ORIGIN: $origin";
$c->res->headers->header('Access-Control-Allow-Origin' => $origin);
$c->res->headers->header('Access-Control-Allow-Credentials' => 'true');
$c->res->headers->header('Access-Control-Allow-Methods' => 'GET, OPTIONS,
POST, DELETE, PUT');
$c->res->headers->header('Access-Control-Allow-Headers' => 'Content-Type');
#$c->res->headers->header('Access-Control-Max-Age' => '1728000');
$c->respond_to(any => { data => '', status => 200 });
};
post '/users/login' => sub {
my $c = shift;
print "GET found\n";
$c->render(text => 'Hello!')
if secure_compare $c->req->url->to_abs->userinfo, 'Bender:rocks';
$c->res->headers->www_authenticate('Basic');
$c->render(text => 'Authentication required!', status => 401);
};
app->hook(after_dispatch => sub {
my $c = shift;
my $origin = $c->req->headers->origin;
say "HOOK ORIGIN: $origin";
$c->res->headers->header('Access-Control-Allow-Origin' => $origin);
});
app->secrets(['My very secret passphrase.']);
app->start;
$ curl -v -X OPTIONS -H 'Origin: site.tld' -H 'Access-Control-Request-Method:
POST' http://127.0.0.1:3002/users/login
cheers,
Lachlan
> On 22 Apr 2016, at 2:54 AM, 'Rob Willett' via Mojolicious
> <[email protected]> wrote:
>
> Lachlan,
>
> 1. Have you read the entire thread rather than the code I posted at the top.
> I'm mobile at the moment and its difficult to work out the thread and which
> code you are using.
>
> 2. Take out the authentication and get the code working without it. Then add
> authentication back in.
>
> 3. How are you calling things? If from IOS or Android there are other things
> with CSP you need to do.
>
> Rob
>
> On Wed, 20 Apr 2016 at 22:39 Lachlan Deck <[email protected]
> <mailto:[email protected]>> wrote:
> Hi Rob and all,
>
> I'm new to Mojolicious and am trying to take your example and make it work
> for authentication, but am missing something obvious as I keep getting a 404.
>
> General:
> Request URL:http://localhost:3002/users/login
> Request Method:OPTIONS
> Status Code:404 Not Found
> Remote Address:127.0.0.1:3002 <http://127.0.0.1:3002/>
> Response headers:
> HTTP/1.1 404 Not Found
> Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept,
> Authorization
> Access-Control-Allow-Credentials: true
> Date: Wed, 20 Apr 2016 21:11:06 GMT
> Access-Control-Allow-Origin: http://localhost:3000
> Access-Control-Allow-Methods: GET, OPTIONS, POST, DELETE, PUT
> Content-Length: 17915
> Access-Control-Max-Age: 1728000
> Content-Type: text/html;charset=UTF-8
> Server: Mojolicious (Perl)
>
> Request headers:
> OPTIONS /users/login HTTP/1.1
> Host: localhost:3002
> Connection: keep-alive
> Access-Control-Request-Method: POST
> Origin: http://localhost:3000
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36
> Access-Control-Request-Headers: accept, authorization, content-type
> Accept: */*
> Referer: http://localhost:3000/?adaptor=localhost:3002&api=localhost:8080
> <http://localhost:3000/?adaptor=localhost:3002&api=localhost:8080>
> Accept-Encoding: gzip, deflate, sdch
> Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
>
> Here's the code:
> use Mojolicious::Lite;
> use Mojo::Util 'secure_compare';
>
> options '*' => sub {
> my $self = shift;
> my $path = $self->req->url->to_abs->path;
>
> say "PATH: $path";
>
> $self->res->headers->header('Access-Control-Allow-Origin' =>
> $self->req->headers->origin);
> $self->res->headers->header('Access-Control-Allow-Credentials' => 'true');
> $self->res->headers->header('Access-Control-Allow-Methods' => 'GET,
> OPTIONS, POST, DELETE, PUT');
> $self->res->headers->header('Access-Control-Allow-Headers' => 'Origin,
> X-Requested-With, Content-Type, Accept, Authorization');
> $self->res->headers->header('Access-Control-Max-Age' => '1728000');
>
> $self->respond_to(any => { $path => '', status => 200 });
> };
>
>
> post '/users/login' => sub {
> my $c = shift;
>
> say "Authentication attempt...";
>
> # Check for username "Bender" and password "rocks"
>
>
> return $c->render(text => 'Hello Bender!')
> if secure_compare $c->req->url->to_abs->userinfo, 'Bender:rocks';
>
> # Require authentication
>
>
> $c->res->headers->www_authenticate('Basic');
> $c->render(text => 'Authentication required!', status => 401);
> };
>
>
>
> app->hook(after_dispatch => sub {
> my $c = shift;
> my $headers = $c->req->headers;
> my $origin = $headers->origin;
> say "Origin: $origin";
>
> $c->res->headers->header('Access-Control-Allow-Origin' => $origin);
> });
>
> app->secrets(['My very secret passphrase.']);
> app->start;
>
>
>
> Any suggestions?
>
> Thanks!
>
> Lachlan.
>
>
>
> On Thursday, April 30, 2015 at 12:02:46 AM UTC+10, Rob Willett wrote:
> All,
>
> Thanks for all your help. We appear to have overcome the CORS hurdle and have
> something that at least is not giving a CORS error in Firefox which is more
> than we have had in the last 48 hours.
>
> It turns out that you do need to send 'Access-Control-Allow-Origin' => '*'
> with the POST reply. It also turns out that a lot of the headers I was
> sending were not needed.
>
> For posterity and because somebody else might find it useful, here is the
> full source code (that sounds rather grand for a hack), that works for us. It
> does nothing useful expect not throw an error.
>
> #!/usr/bin/perl -w
>
> use Mojolicious::Lite;
>
> options '*' => sub {
> my $self = shift;
>
> $self->res->headers->header('Access-Control-Allow-Origin' => '*');
> #$self->res->headers->header('Access-Control-Allow-Credentials' =>
> 'true');
> #$self->res->headers->header('Access-Control-Allow-Methods' => 'GET,
> OPTIONS, POST, DELETE, PUT');
> #$self->res->headers->header('Access-Control-Allow-Headers' =>
> 'Content-Type');
> #$self->res->headers->header('Access-Control-Max-Age' => '1728000');
>
> $self->respond_to(any => { data => '', status => 200 });
> };
>
> get '/data' => sub {
> my $self = shift;
>
> print "GET found\n";
> $self->render(text => 'ok');
> };
>
> post '/data' => sub {
> my $self = shift;
>
> print "\nPOST 3 found\n";
> $self->render(text => 'POST ok' );
> };
>
> app->hook(after_dispatch => sub {
> my $c = shift;
> $c->res->headers->header('Access-Control-Allow-Origin' => '*');
> });
>
> app->secrets(['My very secret passphrase.']);
>
> app->start;
>
> Note the commented lines in the options section. We've left them in as they
> may become useful. This is something we can build on, we wrote an awful lot
> of JavaScript which now needs converting to Perl.
>
> Thanks again for all the help, hopefully I can do the same back some day.
>
> Best wishes,
>
> Rob.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mojolicious" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected]
> <mailto:[email protected]>.
> To post to this group, send email to [email protected]
> <mailto:[email protected]>.
> Visit this group at https://groups.google.com/group/mojolicious
> <https://groups.google.com/group/mojolicious>.
> For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mojolicious" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected]
> <mailto:[email protected]>.
> To post to this group, send email to [email protected]
> <mailto:[email protected]>.
> Visit this group at https://groups.google.com/group/mojolicious
> <https://groups.google.com/group/mojolicious>.
> For more options, visit https://groups.google.com/d/optout
> <https://groups.google.com/d/optout>.
--
You received this message because you are subscribed to the Google Groups
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
