Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Headers set in before not respected for auto generated method OPTIONS #406

Closed
jbarreneche opened this issue May 15, 2013 · 8 comments
Closed

Headers set in before not respected for auto generated method OPTIONS #406

jbarreneche opened this issue May 15, 2013 · 8 comments
Labels
confirmed bug

Comments

@jbarreneche
Copy link
Contributor

This is useful for CORS (see issue #170)

Example:

require 'grape'

class Test < Grape::API
  before do
    header "Access-Control-Allow-Origin", "*"
  end

  post "/" do
    "Hello"
  end
end

run Test

The header for the method POST works correctly

$ curl -i -X POST  --data "" localhost:9292/   
HTTP/1.1 201 Created 
Access-Control-Allow-Origin: *
Content-Type: text/plain
Content-Length: 5
Server: WEBrick/1.3.1 (Ruby/2.0.0/2013-02-24)
Date: Wed, 15 May 2013 13:53:28 GMT
Connection: Keep-Alive

Hello

but the header for the method OPTION doesn't respect the headers set in the before block.

$ curl -i -X OPTIONS  --data "" localhost:9292/
HTTP/1.1 204 No Content 
Allow: OPTIONS, POST
Server: WEBrick/1.3.1 (Ruby/2.0.0/2013-02-24)
Date: Wed, 15 May 2013 13:54:45 GMT
Connection: Keep-Alive

The culprit seems to be the way this method is added to the route set.

I can try to fix it, but I'd like some pointers on the best way to build that enpoint so it includes the before callbacks.
@dblock
Copy link
Member

dblock commented May 16, 2013

Good finding. Looking forward to a PR. If you can't figure it out, I'll take a look. Either way, write a spec that fails, that would be helpful.

@dblock
Copy link
Member

dblock commented May 29, 2013

I think this may be related to #414, too.

@seansu4you87 seansu4you87 mentioned this issue Jun 7, 2013
Closed
@jure
Copy link

jure commented Jun 20, 2013

It also looks like the headers don't get added for errors either. Which has an interesting consequence if raising errors is part of your normal workflow, as in, raise 401 if unauthorized. When the error is raised, it has no Access-Control-Allow-Origin header and instead of your error being returned, it causes this error:
XMLHttpRequest cannot load http://localhost:3000/api/v2/endpoint?access_token=none&query=a. Origin http://localhost:9000 is not allowed by Access-Control-Allow-Origin.

Maybe I should open up a new issue for that @dblock?

@dblock
Copy link
Member

dblock commented Jun 20, 2013

@jure => That is probably because you're injecting the CORS middleware inside Grape, try adding it outside Grape in your config.ru like the example in the README.

@jure
Copy link

jure commented Jun 20, 2013

Thanks, that works fine. I was following this bit of advice: #170. Serves me right for not RTFM. :) Thanks.

@jackbit
Copy link

jackbit commented Aug 1, 2013

it could help you
#422 (comment)

@karlfreeman karlfreeman mentioned this issue Nov 4, 2013
Merged
@robertogyn19 robertogyn19 mentioned this issue Nov 21, 2013
Closed
@dblock
Copy link
Member

dblock commented Nov 24, 2013

Ok, who thinks this is resolved and can be closed?

@dm1try
Copy link
Member

dm1try commented Apr 3, 2014

Already fixed. Test example works as expected. Closed.

@dm1try dm1try closed this as completed Apr 3, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
confirmed bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jbarreneche @jackbit @jure @dm1try @dblock