Adds CORS to Application. CORS Middleware out of the box in RestRserve to turn on/off the CORS Headers on preflight validation from the browser.

Cross Origin Resource Sharing is an additional security check done by moderns browsers to avoid request between different domains. To allow it RestRserve has easy way to enable your CORS policies. By default CORS policies are disabled. So if any request is coming from a different domain will be blocked by the browser as default because RestRserve will not send the headers required by the browser to allow cross site resource sharing. You can change this easy just by providing CORSMiddleware as middleware to the Application.

References

MDN

Super class

RestRserve::Middleware -> CORSMiddleware

Methods

Inherited methods


    Method new()

    Creates CORS middleware object

    Usage

    CORSMiddleware$new(routes = "/", match = "partial", id = "CORSMiddleware")

    Arguments

    routes

    Routes paths to protect.

    match

    How routes will be matched: exact or partial (as prefix).

    id

    Middleware id.


    Method clone()

    The objects of this class are cloneable with this method.

    Usage

    CORSMiddleware$clone(deep = FALSE)

    Arguments

    deep

    Whether to make a deep clone.

    Examples

    app = Application$new(middleware = list(CORSMiddleware$new()))
    app$add_post(path = "/hello", FUN = function(req, res) {
      res$set_body("Hello from RestRserve!")
    })
    app$add_route("/hello", method = "OPTIONS", FUN = function(req, res) {
     res$set_header("Allow", "POST, OPTIONS")
    })
    req = Request$new(
      path = "/hello",
      headers = list("Access-Control-Request-Method" = "POST"),
      method = "OPTIONS"
    )
    app$process_request(req)
    #> <RestRserve Response>
    #>   status code: 200 OK
    #>   content-type: text/plain
    #>   <Headers>
    #>     Server: RestRserve/1.2.0; Rserve/1.8.10
    #>     Access-Control-Allow-Origin: *
    #>     Access-Control-Allow-Methods: POST, OPTIONS
    #>     Access-Control-Allow-Headers: *
    #>     Access-Control-Max-Age: 86400