Adds CORS to Application. CORS Middleware out of the box in RestRserve to turn on/off the CORS
Headers on preflight validation from the browser.
Cross Origin Resource Sharing is an additional security check done by moderns
browsers to avoid request between different domains. To allow it RestRserve
has easy way to enable your CORS policies. By default CORS policies are disabled.
So if any request is coming from a different domain will be blocked
by the browser as default because RestRserve will not send the headers required
by the browser to allow cross site resource sharing. You can change this easy
just by providing CORSMiddleware
as middleware to the Application.
RestRserve::Middleware
-> CORSMiddleware
new()
Creates CORS middleware object
CORSMiddleware$new(routes = "/", match = "partial", id = "CORSMiddleware")
app = Application$new(middleware = list(CORSMiddleware$new()))
app$add_post(path = "/hello", FUN = function(req, res) {
res$set_body("Hello from RestRserve!")
})
app$add_route("/hello", method = "OPTIONS", FUN = function(req, res) {
res$set_header("Allow", "POST, OPTIONS")
})
req = Request$new(
path = "/hello",
headers = list("Access-Control-Request-Method" = "POST"),
method = "OPTIONS"
)
app$process_request(req)
#> <RestRserve Response>
#> status code: 200 OK
#> content-type: text/plain
#> <Headers>
#> Server: RestRserve/1.2.2; Rserve/1.8.13
#> Access-Control-Allow-Origin: *
#> Access-Control-Allow-Methods: POST, OPTIONS
#> Access-Control-Allow-Headers: *
#> Access-Control-Max-Age: 86400