Add support of CORS #949
Add support of CORS #949
Conversation
manifest
force-pushed
the
feature/947
branch
from
6868d72
to
cd0f9f1
Compare
|
Thanks, a few comments. Note however that this will break in a week or two when I finally merge back my current set of changes (huge).
|
|
I will write the tests. You're right about maps, it's a better choice. And we need the |
manifest
force-pushed
the
feature/947
branch
2 times, most recently
from
ade828e
to
38df0b7
Compare
|
Hey, I will try to get to this this week-end. I finally read the CORS spec so we can move forward. This seems like a good first step, but I think we should also better integrate CORS support with cowboy_rest. Most of the info can be filled automatically there, except the origin check, max-age and exposed-headers, so it could be very nice to have. |
|
|
||
| -spec match_cors_credentials(boolean(), {binary(), binary(), 0..65535} | reference() | '*') -> boolean(). | ||
| match_cors_credentials(true, '*') -> | ||
| throw({bad_credentials, true, '*'}); |
There was a problem hiding this comment.
Guessing this is for 'The string "" cannot be used for a resource that supports credentials.' but I'm not sure this is very useful, more useful would be sending Origin back instead of "" if credentials are allowed.
There was a problem hiding this comment.
Actually, it's how it works now. User will get an Origin back if credentials are allowed. The only way he can get the "*" in the response the parser didn't fully recognize the Origin value or the value was "null" string, thus the parser returned an reference that can't be returned to the user. So we need this validation for the last case.
|
Hi at all, |
|
hi @manifest, I saw that the PR for |
|
if you have time, can you add a example that show how it works? :) |
|
I mean an example inside examples/ directory. |
|
Ok, will do it. |
|
@manifest thanks a lot! :D |
Pull request for issue 947 "Make Cowboy CORS friendly".