OPTIONS requests do not go through the middleware stack #414
Conversation
|
Check out /~https://github.com/intridea/grape/blob/master/lib/grape/api.rb#L504, it will respond to Hope this helps. Please do use the mailing list for questions. |
|
@dblock, so you're saying that if I use: class MyAPI < Grape::API
do_not_route_options!
use Grape::Middleware::OptionsException
mount ApiExample
endThen an options request should go through to the middleware, right? (It doesn't) |
|
Ok, additional information @dblock — Using … it also still sets the |
|
I'll reopen as a bug. Do you think you could write a test within Grape for something like this? I'll take a look. |
|
Hmm, I can try… |
|
Anything that fails that you expect to succeed :) |
|
@dblock Talking over what should happen a little more:
Anything else? |
…t_route_options! is used.
|
ping @dblock Should I have a stab at implementing this? |
|
Don't hesitate! |
Added BadMethod middleware to handle unsupported methods Added middlewares to autoload Added allowed_methods_for_route to Grape::Middleware::Base
|
@dblock, I've added some commits that move OPTIONS support down to the middleware level— In addition to this, I've also added a I haven't added these to the default stack in Also, existing specs covered that a /ping @mbleigh |
| @@ -0,0 +1,12 @@ | |||
| class Grape::Middleware::BadMethod < Grape::Middleware::Base | |||
There was a problem hiding this comment.
I think BadMethod may be a poor naming choice (totally inspired by existing code). What this middleware does is check whether the method is allowed or not, I would rename it to just Method.
There was a problem hiding this comment.
Agree. Lets rename it to Method
|
This is very much on the right track. Needless to say I much rather have a middleware implementation for this than the homegrown route mounting one. If you had all specs passing, and added a line to CHANGELOG, I would merge this. If you need help with something, like the question you had on inserting this into the middleware stack, glad to help, just say that you're stuck with a specific thing. The content-type is something that was definitely by design. See #343. |
Added implementation for setting the content-type to text/plain for 405 response.
| allowed_methods = allowed_methods_for_route | ||
|
|
||
| unless allowed_methods.include? env['REQUEST_METHOD'] | ||
| [405, { 'Allow' => allowed_methods.join(', '), 'Content-Type' => 'text/plain' }, []] |
|
Looks closer. Did you look at the spec failures? |
|
I haven't covered the spec failures yet… I'm relying on the …What do you think? |
|
You could setup the middleware explicitly at construction time instead and modularize |
|
Understood. I'll ship the first cut. Thanks! |
|
Bump. I still want this! |
|
I abandoned this branch because… it didn't really work. Middlewares should not be run with any knowledge of other middlewares up the stack — introspecting the routes in the way that I was attempting wouldn't work consistently because the middleware would need to be loaded / required / ordered in such a way that it was the first middleware on the stack, which I think is a good sign that something wasn't quite right. |
|
Given #498, what do you all think I should do with this issue? |
|
Given that there is a working OPTIONS implementation now… then we can probably close this. |
|
Closing. |
I want to extend the response that an API will return for OPTIONS requests — I started by writing a middleware:
A get request will through the error:
but an options request will not:
Any thoughts, @mbleigh ?