baucis
Support OPTIONS
Set Accept headers appropriately in response.
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:39 GMT
Server: Apache/2.0.61 (Unix)
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 1728000
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/plain
Example from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
Don't set CORS headers; set headers as normal but send no body. Perhaps send some kind of body describing the options for the resource.
Two cents on this.
To support CORS, we are using the following middleware when needed: https://github.com/Icinetic/model-101/blob/master/app/services/authz.js#L37-L44
// CORS enabled for allowing 3rd party web-apps to consume Swagger metadata and backend.
// Disable it by commenting this block out if you do not need it. ----------
app.all('*', function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*"); // Change * to your host domain
  res.header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type");
  res.header("Access-Control-Allow-Methods", "OPTIONS,GET,POST,PUT,DELETE");
  next();
});
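
Added example, not part of the original thread, baucis, or the linked middleware: one way to answer OPTIONS with an Allow header and no body, adding CORS headers only for an allowlisted origin instead of "*". The function name optionsResponse, the allowlist contents and the sample origin are assumptions made for illustration.

```javascript
// Hypothetical helper: builds the response to an OPTIONS request for one resource.
// Assumes request header names are already lower-cased, as Node's http module does.

// Constructed sample policy: origins trusted to call the API cross-origin.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
const ALLOWED_REQUEST_HEADERS = ['X-Requested-With', 'Content-Type'];

function optionsResponse(reqHeaders, resourceMethods) {
  // Plain OPTIONS: advertise what this resource supports and send no body.
  const methods = Array.from(new Set(resourceMethods.concat('OPTIONS')));
  const headers = {
    'Allow': methods.join(', '),
    'Content-Length': '0',
    // The response differs per Origin, so shared caches must key on it.
    'Vary': 'Origin'
  };
  const response = { status: 200, headers: headers };

  const origin = reqHeaders['origin'];
  // No Origin, or an origin outside the allowlist: grant nothing cross-origin.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return response;

  // Echo the single matched origin rather than the "*" wildcard.
  headers['Access-Control-Allow-Origin'] = origin;

  const wanted = reqHeaders['access-control-request-method'];
  // Preflight: grant only methods the resource really supports.
  if (wanted && methods.includes(wanted.toUpperCase())) {
    headers['Access-Control-Allow-Methods'] = methods.join(', ');
    headers['Access-Control-Allow-Headers'] = ALLOWED_REQUEST_HEADERS.join(', ');
  }
  return response;
}
```

In an Express app the returned status and headers would be written to the response from the OPTIONS handler for that route, with the resource's own method list passed in.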