aspnetcore-realworld-example-app

CORS and pre-flight OPTIONS requests.

Open VictorioBerra opened this issue 5 years ago • 4 comments

Are OPTIONS actions needed for CORS pre-flight requests?

See here: https://github.com/Dotnet-Boxed/Templates/blob/master/Source/Content/ApiTemplate/Controllers/CarsController.cs#L24-L64

        /// <summary>
        /// Returns an Allow HTTP header with the allowed HTTP methods.
        /// </summary>
        /// <returns>A 200 OK response.</returns>
        [HttpOptions]
        [SwaggerResponse(StatusCodes.Status200OK, "The allowed HTTP methods.")]
        public IActionResult Options()
        {
            this.HttpContext.Response.Headers.AppendCommaSeparatedValues(
                HeaderNames.Allow,
                HttpMethods.Get,
                HttpMethods.Head,
                HttpMethods.Options,
                HttpMethods.Post);
            return this.Ok();
        }

        /// <summary>
        /// Returns an Allow HTTP header with the allowed HTTP methods for a car with the specified unique identifier.
        /// </summary>
        /// <param name="carId">The cars unique identifier.</param>
        /// <returns>A 200 OK response.</returns>
        [HttpOptions("{carId}")]
        [SwaggerResponse(StatusCodes.Status200OK, "The allowed HTTP methods.")]
        public IActionResult Options(int carId)
        {
            this.HttpContext.Response.Headers.AppendCommaSeparatedValues(
                HeaderNames.Allow,
                HttpMethods.Delete,
                HttpMethods.Get,
                HttpMethods.Head,
                HttpMethods.Options,
                HttpMethods.Patch,
                HttpMethods.Post,
                HttpMethods.Put);
            return this.Ok();
        }

VictorioBerra, Dec 11 '18 17:12

I think maybe they are only needed for swagger doc.

VictorioBerra, Dec 11 '18 17:12

Wait no... I think you have to manually have this to respond to OPTIONS requests and that is not built into MVC. Why don't we have these?

VictorioBerra, Dec 11 '18 17:12

Browsers do preflight checks but it wasn't part of the API spec (or I didn't see it when I originally did the work). PRs welcome.

adamhathcock, Dec 12 '18 08:12

Do we have help-wanted or up-for-grabs labels?

https://github.com/aspnet/Docs/issues/7268#issuecomment-446595339

VictorioBerra, Dec 12 '18 15:12
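The `[HttpOptions]` actions quoted in the issue set only an `Allow` header. As an added example (not code from this thread or from either project), the block below is a simplified model of the check a browser applies to a preflight response for a non-credentialed request, run against a response shaped like that action's output and against one carrying `Access-Control-*` headers. The function names, origins and sample responses are constructed for illustration.

```javascript
// Added example: simplified model of the browser-side CORS preflight check
// (non-credentialed requests only). All names and sample values are constructed.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Split a comma-separated header value into a set of tokens.
// Header names are case-insensitive (fold = true); methods are compared as sent.
function tokens(value, fold) {
  return new Set((value || "").split(",")
    .map(t => (fold ? t.trim().toLowerCase() : t.trim()))
    .filter(Boolean));
}

// request:  { origin, method, headers: [names of non-safelisted request headers] }
// response: { status, headers: { lower-cased header name: value } }
function preflightPasses(request, response) {
  const h = response.headers;
  if (response.status < 200 || response.status > 299) return false;

  // The origin must be echoed back exactly, or "*" must be returned.
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== request.origin) return false;

  // The Allow header is never consulted here; only Access-Control-Allow-Methods.
  const methods = tokens(h["access-control-allow-methods"], false);
  const methodOk = SAFELISTED_METHODS.has(request.method) ||
    methods.has(request.method) || methods.has("*");
  if (!methodOk) return false;

  const allowed = tokens(h["access-control-allow-headers"], true);
  return request.headers.every(name => {
    const n = name.toLowerCase();
    // "*" does not cover Authorization; it has to be listed by name.
    return allowed.has(n) || (allowed.has("*") && n !== "authorization");
  });
}

// Constructed preflight for a cross-origin PUT with a JSON body and a bearer token.
const preflight = { origin: "https://app.example.test", method: "PUT",
  headers: ["Content-Type", "Authorization"] };
// Shape of what the quoted Options(int carId) action returns: 200 OK plus Allow.
const allowOnly = { status: 200,
  headers: { "allow": "DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT" } };
// A response carrying the headers the preflight check actually reads.
const corsAware = { status: 204, headers: {
  "access-control-allow-origin": "https://app.example.test",
  "access-control-allow-methods": "PUT, DELETE",
  "access-control-allow-headers": "content-type, authorization" } };

console.log("Allow only:", preflightPasses(preflight, allowOnly));
console.log("CORS headers:", preflightPasses(preflight, corsAware));
```

In ASP.NET Core the `Access-Control-*` response headers are produced by the CORS middleware (`AddCors` / `UseCors`) from a configured policy, which is where the allowed origins, methods and headers should be restricted.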