Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add CORS headers to microservice #17

Merged
merged 3 commits into from
Jan 12, 2017
Merged

Add CORS headers to microservice #17

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f243bb3
Add CORS headers to microservice
juandjara Jan 11, 2017
04f5916
Update index.js
juandjara Jan 12, 2017
9c7e326
Revert "Update index.js"
juandjara Jan 12, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ const { pushView } = require('./utils')

module.exports = async function (req, res) {
const { pathname, query } = url.parse(req.url, /* parseQueryString */ true)
res.setHeader('Access-Control-Allow-Origin', '*')
res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept")
Copy link
Member

@mxstbr mxstbr Jan 12, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand this right (I might have this totally wrong though, not an expert so correct me), the Access-Control-Allow-Headers header tells the client which headers it can send and the server will respect, right? But we don't respect Content-Type nor Accept at all, we always just send JSON?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I had not thought of that. I just copied this from another project, I tried it and it worked. I know at least the Origin header is necessary, not sure about X-Requested-With

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need X-Requested-With, at least according to this SO answer? https://stackoverflow.com/questions/17478731/whats-the-point-of-the-x-requested-with-header#22533680

Am I reading that right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That seems right. I wil check it later today and update this PR

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for digging into this, appreciated! Definitely want to get this right 😊

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok so I tested and found that no headers are actually necessary so I'm reverting last commit.

// Send all views down if "?all" is true
if (String(query.all) === 'true') {
const data = {
Expand Down