Improve CORS to cover all api routes, including get and post

This commit is contained in:
Tom Bloor 2017-04-25 20:13:34 +01:00
parent fed62641ad
commit 0292ac7e2e

View file

@ -110,22 +110,22 @@ sub startup {
# $r->post('/register')->to('register#register'); # $r->post('/register')->to('register#register');
$r->any('/admin/logout')->to('admin#auth_logout'); $r->any('/admin/logout')->to('admin#auth_logout');
my $api_public_get = $r->under('/api'); my $api_public_get = $r->under('/api' => sub {
$api_public_get->get('/info/ages')->to('api-info#get_ages');
$api_public_get->options('*' => sub {
my $self = shift; my $self = shift;
$self->res->headers->header('Access-Control-Allow-Origin'=> '*'); $self->res->headers->header('Access-Control-Allow-Origin'=> '*');
$self->res->headers->header('Access-Control-Allow-Credentials' => 'true'); $self->res->headers->header('Access-Control-Allow-Credentials' => 'true');
$self->res->headers->header('Access-Control-Allow-Methods' => 'GET, OPTIONS, POST, DELETE, PUT'); $self->res->headers->header('Access-Control-Allow-Methods' => 'GET, OPTIONS, POST, DELETE, PUT');
$self->res->headers->header('Access-Control-Allow-Headers' => 'Content-Type, X-CSRF-Token'); $self->res->headers->header('Access-Control-Allow-Headers' => 'Content-Type, X-CSRF-Token');
$self->res->headers->header('Access-Control-Max-Age' => '1728000'); $self->res->headers->header('Access-Control-Max-Age' => '1728000');
$self->respond_to(any => { data => '', status => 200 });
}); });
$api_public_get->options('*' => sub {
$self->respond_to(any => { data => '', status => 200 });
});
$api_public_get->get('/info/ages')->to('api-info#get_ages');
# Always available api routes # Always available api routes
my $api_public = $r->under('/api')->to('api-auth#check_json'); my $api_public = $api_public_get->under('/')->to('api-auth#check_json');
$api_public->post('/login')->to('api-auth#post_login'); $api_public->post('/login')->to('api-auth#post_login');
$api_public->post('/register')->to('api-register#post_register'); $api_public->post('/register')->to('api-register#post_register');