Message7502
upon developing a rest frontend for roundup i came across
the need for so called CORS preflight requests.
see https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
basically this is a "OPTIONS" request that gets sent by the browser when
you want to do CORS.
in frontend development i have a roundup-server running on port 8080 and
a node.js server running on port 8081 where the frontend gets
developed (vue.js with hot module reload etc.)
the web frontend gets loaded from the node.js server at port 8081 (to
have all the fancy hot reloading working) and communicates with the rest
api of the roundup server at port 8080 thus forming a nice CORS setup
where the browser issues CORS preflight requests before any real
request to ask the server what he is allowed to do.
attached is a patch that i have applied to make this working.
as i am not really deep in the CORS thing i am not sure if my solution
covers all aspects of this or has any security impacts.
the patch most likely also needs to be utilized for the xmlrpc frontend
if it gets accessed from within a webbrowser - can't imagine who wants
this, but maybe we should support it - but maybe it should be implemented
for all web requests ? - could make sense to also talk to the html
frontend directly via CORS from within another webpage.
so the patch is meant as a starting point to discuss how this can be added
to roundup at all - and what i needed to start hacking with the rest api.
note that when you finally run the web frontend served from the same url
where the rest api is running, you dont need this at all !
regards,
marcus. |
|
Date |
User |
Action |
Args |
2022-05-04 06:21:39 | marcus.priesch | set | recipients:
+ marcus.priesch, schlatterbeck, rouilj |
2022-05-04 06:21:39 | marcus.priesch | set | messageid: <1651645299.07.0.4031350746.issue2551203@roundup.psfhosted.org> |
2022-05-04 06:21:39 | marcus.priesch | link | issue2551203 messages |
2022-05-04 06:21:38 | marcus.priesch | create | |
|