Adds CORS to Application. CORS Middleware out of the box in RestRserve to turn on/off the CORS Headers on preflight validation from the browser.

Cross Origin Resource Sharing is an additional security check done by moderns browsers to avoid request between different domains. To allow it RestRserve has easy way to enable your CORS policies. By default CORS policies are disabled. So if any request is coming from a different domain will be blocked by the browser as default because RestRserve will not send the headers required by the browser to allow cross site resource sharing. You can change this easy just by providing CORSMiddleware as middleware to the Application.

References

MDN

Super class

RestRserve::Middleware -> CORSMiddleware

Methods


Method new()

Creates CORS middleware object

Usage

CORSMiddleware$new(routes = "/", match = "partial", id = "CORSMiddleware")

Arguments

routes

Routes paths to protect.

match

How routes will be matched: exact or partial (as prefix).

id

Middleware id.


Method clone()

The objects of this class are cloneable with this method.

Usage

CORSMiddleware$clone(deep = FALSE)

Arguments

deep

Whether to make a deep clone.

Examples

app = Application$new(middleware = list(CORSMiddleware$new()))
app$add_post(path = "/hello", FUN = function(req, res) {
  res$set_body("Hello from RestRserve!")
})
app$add_route("/hello", method = "OPTIONS", FUN = function(req, res) {
 res$set_header("Allow", "POST, OPTIONS")
})
req = Request$new(
  path = "/hello",
  headers = list("Access-Control-Request-Method" = "POST"),
  method = "OPTIONS"
)
app$process_request(req)
#> <RestRserve Response>
#>   status code: 200 OK
#>   content-type: text/plain
#>   <Headers>
#>     Server: RestRserve/1.2.2; Rserve/1.8.13
#>     Access-Control-Allow-Origin: *
#>     Access-Control-Allow-Methods: POST, OPTIONS
#>     Access-Control-Allow-Headers: *
#>     Access-Control-Max-Age: 86400