#reitit
2020-05-10
Michael Thurmond 18:05:51

I have a reitit server and a reagent template and I'm trying to allow CORS. I've tried using wrap-cors from ring middleware but am having trouble getting it to work. Has anyone else experienced this?

(def app2
  (ring/ring-handler
    (ring/router
      [["/" {:get {:handler index-handler}}]
       ["/items"
        ["" {:get {:handler index-handler}}]
        ["/:item-id" {:get {:handler    index-handler
                            :parameters {:path {:item-id int?}}}}]]
       ["/about" {:get {:handler index-handler}}]]
      {:data {:coercion   reitit.coercion.spec/coercion
              :muuntaja   m/instance
              :middleware [params/wrap-params
                           muuntaja/format-middleware
                           coercion/coerce-exceptions-middleware
                           coercion/coerce-request-middleware
                           coercion/coerce-response-middleware]}})
    (ring/create-default-handler)))

dharrigan 18:05:15

I have cors working with reitit

dharrigan 18:05:24

here is what I have (cut-down...)

dharrigan 18:05:32

(def cors {"Access-Control-Allow-Origin" "*"
           "Access-Control-Allow-Headers" "Origin, Accept, Access-Control-Request-Method, Access-Control-Allow-Headers, Content-Type, *"})

Michael Thurmond 18:05:55

where do you place the def cors?

dharrigan 18:05:56

(defn cors-handler
  [_]
  {:headers cors :status ok})

dharrigan 18:05:15

(defn router
  [app-config]
  (ring/router
   [["/api"
     ["/ping" {:get {:handler pong}}]
     ["/foobar"
      ["" {:options {:handler cors-handler}
...
...
...

Michael Thurmond 18:05:21

ah so create a custom fn

dharrigan 18:05:33

All those are contained within one namespace

dharrigan 18:05:39

then you can reuse it

Michael Thurmond 18:05:45

cool, I'll give it a shot! thanks!

dharrigan 18:05:54

/foobar also has a :post

dharrigan 18:05:14

so when the client does an options first, before the post, it'll hit the cors handler, get back a nice response, then invoke the post.

Michael Thurmond 18:05:56

do you have to add this on every route? or can you add to the parent api/?

dharrigan 18:05:00

Doesn't cors mandate that before any dangerous operation, i.e., anything that can modify anything, like POST/PUT/DELETE, then the "options" is hit for that API endpoint?

dharrigan 18:05:15

so, if you have POST /foo then the client would invoke an OPTIONS /foo

dharrigan 18:05:27

or a DELETE /foo an OPTIONS /foo

dharrigan 18:05:36

so maybe it has to go on each API, rather than the root

dharrigan 18:05:52

I only have one API endpoint atm, so have it against the /foobar route.

dharrigan 18:05:16

worth trying! 🙂

dharrigan 18:05:25

easy to test by moving the handler up a level.

dharrigan 18:05:15

(defn router
  [app-config]
  (ring/router
   [["/api"
     ["/ping" {:get {:handler pong}}]
     ["/foobar"
      ["" {:options {:handler cors-handler}
           :post {:handler (create-entry app-config)
                  :parameters {:body {:user-id s/Int
                                      :age s/Int}}}}]]

dharrigan 18:05:12

bbl - have to pop out - hope it works for you! 🙂

Michael Thurmond 19:05:00

bad luck for me, still being blocked