Support for CORS and OPTIONS requests

Question

Support for CORS and OPTIONS requests

fnahuelc opened this issue a year ago · 6 comments

I am attempting to create a basic REST API server using Siesta. However, I encountered an issue while trying to enable support for CORS on PUT requests. The browser initiates a preflight request in the form of an OPTIONS request, resulting in an "error 405 Method Not Allowed." Consequently, CORS verification fails.

I have inspected the code at common.h couldn't find explicit support for OPTIONS requests. Is there a way to enable them?

If there is no direct support, are there any workarounds that could address this issue?

Your assistance is greatly appreciated. Thanks in advance!

Answer 1 · 2023-07-24T06:30:54.000Z

Hi, yes, that is something I too have wanted to add support for, having used siesta for a small web-based control UI in an embedded system. There I had the possibility to make sure all requests go to the same domain though, so it was not a problem per se.

I'll have to read up on this for a while though :)

Also, I would appreciate ideas on how to test this in unit tests.

Answer 2 · 2023-07-24T11:35:41.000Z

Checking up on this, it seems it's as easy as adding the following header in your REST API handler function:

resp.addHeader("access-control-allow-origin", "*");

This allowed me to have the REST server on a different port than the HTTP server, otherwise I get "blocked by CORS policy" in Chrome.

Let me know how this works for you.

Answer 3 · 2023-07-24T11:41:12.000Z

Ok... hmm... this only takes care of GET requests. Back to the drawing board...

Answer 4 · 2023-07-24T12:35:31.000Z

Ok, got it to work in this PR: #8

Answer 5 · 2023-07-29T03:00:49.000Z

Fixed in b43ab1e

Answer 6 · 2023-07-29T07:32:27.000Z

Wow! That is awesome 👌! Thanks @robiwano