Pleased it works
On Fri, 22 Apr 2016 04:28 Lachlan Deck, <[email protected]> wrote:
> Hi Rob,
>
> got it working.
>
> Yes, I had read the whole thread. I had wrongly assumed that the options
> response (data => ‘’) was related to the get /data path.
> Stripping authentication, as you suggested, to get it working first was
> certainly helpful.
>
> For posterity, here’s the working example:
>
> #!/usr/bin/perl -w
>
>
>
> use Mojolicious::Lite;
> use Mojo::Util 'secure_compare';
>
> options '*' => sub {
> my $c = shift;
> my $origin = $c->req->headers->origin;
> say "OPTION ORIGIN: $origin";
>
>
> $c->res->headers->header('Access-Control-Allow-Origin' => $origin);
> $c->res->headers->header('Access-Control-Allow-Credentials' => 'true');
> $c->res->headers->header('Access-Control-Allow-Methods' => 'GET,
> OPTIONS, POST, DELETE, PUT');
>
> $c->res->headers->header('Access-Control-Allow-Headers' => 'Content-Type');
> #$c->res->headers->header('Access-Control-Max-Age' => '1728000');
>
>
>
> $c->respond_to(any => { data => '', status => 200 });
>
> };
>
> post '/users/login' => sub {
> my $c = shift;
>
> print "GET found\n";
> $c->render(text => 'Hello!')
>
> if secure_compare $c->req->url->to_abs->userinfo, 'Bender:rocks';
>
> $c->res->headers->www_authenticate('Basic');
> $c->render(text => 'Authentication required!', status => 401);
> };
>
>
> app->hook(after_dispatch => sub {
> my $c = shift;
> my $origin = $c->req->headers->origin;
> say "HOOK ORIGIN: $origin";
>
> $c->res->headers->header('Access-Control-Allow-Origin' => $origin);
> });
>
> app->secrets(['My very secret passphrase.']);
> app->start;
>
> $ curl -v -X OPTIONS -H 'Origin: site.tld' -H
> 'Access-Control-Request-Method: POST' http://127.0.0.1:3002/users/login
>
>
> cheers,
> Lachlan
>
> On 22 Apr 2016, at 2:54 AM, 'Rob Willett' via Mojolicious <
> [email protected]> wrote:
>
> Lachlan,
>
> 1. Have you read the entire thread rather than the code I posted at the
> top. I'm mobile at the moment and its difficult to work out the thread and
> which code you are using.
>
> 2. Take out the authentication and get the code working without it. Then
> add authentication back in.
>
> 3. How are you calling things? If from IOS or Android there are other
> things with CSP you need to do.
>
> Rob
>
> On Wed, 20 Apr 2016 at 22:39 Lachlan Deck <[email protected]> wrote:
>
>> Hi Rob and all,
>>
>> I'm new to Mojolicious and am trying to take your example and make it
>> work for authentication, but am missing something obvious as I keep getting
>> a 404.
>>
>> General:
>>
>> 1. Request URL:
>> http://localhost:3002/users/login
>> 2. Request Method:
>> OPTIONS
>> 3. Status Code:
>> 404 Not Found
>> 4. Remote Address:
>> 127.0.0.1:3002
>>
>>
>> Response headers:
>>
>> 1. HTTP/1.1 404 Not Found
>> Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type,
>> Accept, Authorization
>> Access-Control-Allow-Credentials: true
>> Date: Wed, 20 Apr 2016 21:11:06 GMT
>> Access-Control-Allow-Origin: http://localhost:3000
>> Access-Control-Allow-Methods: GET, OPTIONS, POST, DELETE, PUT
>> Content-Length: 17915
>> Access-Control-Max-Age: 1728000
>> Content-Type: text/html;charset=UTF-8
>> Server: Mojolicious (Perl)
>>
>>
>> Request headers:
>>
>> 1. OPTIONS /users/login HTTP/1.1
>> Host: localhost:3002
>> Connection: keep-alive
>> Access-Control-Request-Method: POST
>> Origin: http://localhost:3000
>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4)
>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/
>> 537.36
>> Access-Control-Request-Headers: accept, authorization, content-type
>> Accept: */*
>> Referer:
>> http://localhost:3000/?adaptor=localhost:3002&api=localhost:8080
>> Accept-Encoding: gzip, deflate, sdch
>> Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
>>
>>
>> Here's the code:
>> use Mojolicious::Lite;
>> use Mojo::Util 'secure_compare';
>>
>> options '*' => sub {
>> my $self = shift;
>> my $path = $self->req->url->to_abs->path;
>>
>> say "PATH: $path";
>>
>> $self->res->headers->header('Access-Control-Allow-Origin' =>
>> $self->req->headers->origin);
>> $self->res->headers->header('Access-Control-Allow-Credentials' =>
>> 'true');
>> $self->res->headers->header('Access-Control-Allow-Methods' => 'GET,
>> OPTIONS, POST, DELETE, PUT');
>> $self->res->headers->header('Access-Control-Allow-Headers' =>
>> 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
>> $self->res->headers->header('Access-Control-Max-Age' => '1728000');
>>
>> $self->respond_to(any => { $path => '', status => 200 });
>> };
>>
>>
>> post '/users/login' => sub {
>> my $c = shift;
>>
>> say "Authentication attempt...";
>>
>> # Check for username "Bender" and password "rocks"
>>
>>
>> return $c->render(text => 'Hello Bender!')
>> if secure_compare $c->req->url->to_abs->userinfo, 'Bender:rocks';
>>
>> # Require authentication
>>
>>
>> $c->res->headers->www_authenticate('Basic');
>> $c->render(text => 'Authentication required!', status => 401);
>> };
>>
>>
>>
>> app->hook(after_dispatch => sub {
>> my $c = shift;
>> my $headers = $c->req->headers;
>> my $origin = $headers->origin;
>> say "Origin: $origin";
>>
>> $c->res->headers->header('Access-Control-Allow-Origin' => $origin);
>> });
>>
>> app->secrets(['My very secret passphrase.']);
>> app->start;
>>
>>
>>
>> Any suggestions?
>>
>> Thanks!
>>
>> Lachlan.
>>
>>
>>
>> On Thursday, April 30, 2015 at 12:02:46 AM UTC+10, Rob Willett wrote:
>>>
>>> All,
>>>
>>> Thanks for all your help. We appear to have overcome the CORS hurdle and
>>> have something that at least is not giving a CORS error in Firefox which is
>>> more than we have had in the last 48 hours.
>>>
>>> It turns out that you do need to send 'Access-Control-Allow-Origin' =>
>>> '*' with the POST reply. It also turns out that a lot of the headers I was
>>> sending were not needed.
>>>
>>> For posterity and because somebody else might find it useful, here is
>>> the full source code (that sounds rather grand for a hack), that works for
>>> us. It does nothing useful expect not throw an error.
>>>
>>> #!/usr/bin/perl -w
>>>
>>> use Mojolicious::Lite;
>>>
>>> options '*' => sub {
>>> my $self = shift;
>>>
>>> $self->res->headers->header('Access-Control-Allow-Origin' => '*');
>>> #$self->res->headers->header('Access-Control-Allow-Credentials' =>
>>> 'true');
>>> #$self->res->headers->header('Access-Control-Allow-Methods' => 'GET,
>>> OPTIONS, POST, DELETE, PUT');
>>> #$self->res->headers->header('Access-Control-Allow-Headers' =>
>>> 'Content-Type');
>>> #$self->res->headers->header('Access-Control-Max-Age' => '1728000');
>>>
>>> $self->respond_to(any => { data => '', status => 200 });
>>> };
>>>
>>> get '/data' => sub {
>>> my $self = shift;
>>>
>>> print "GET found\n";
>>> $self->render(text => 'ok');
>>> };
>>>
>>> post '/data' => sub {
>>> my $self = shift;
>>>
>>> print "\nPOST 3 found\n";
>>> $self->render(text => 'POST ok' );
>>> };
>>>
>>> app->hook(after_dispatch => sub {
>>> my $c = shift;
>>> $c->res->headers->header('Access-Control-Allow-Origin' => '*');
>>> });
>>>
>>> app->secrets(['My very secret passphrase.']);
>>>
>>> app->start;
>>>
>>> Note the commented lines in the options section. We've left them in as
>>> they may become useful. This is something we can build on, we wrote an
>>> awful lot of JavaScript which now needs converting to Perl.
>>>
>>> Thanks again for all the help, hopefully I can do the same back some day.
>>>
>>> Best wishes,
>>>
>>> Rob.
>>>
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Mojolicious" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at https://groups.google.com/group/mojolicious.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mojolicious" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/mojolicious.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Mojolicious" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/mojolicious.
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
