Add an API for CORS handling in Sitelets #999
Assignees
Labels
Comments
|
After looking in more detail into CORS, this is what I now believe would be a good API: /// Use as an endpoint to indicate that it must check for Cross-Origin Resource Sharing headers.
/// In addition to matching the same endpoints as 'EndPoint does, this also matches preflight OPTIONS requests.
/// The corresponding Content should use Content.Cors.
type Cors<'EndPoint> =
internal {
DefaultAllows : CorsAllows
/// If None, then this is a preflight OPTIONS request.
EndPoint : option<'EndPoint>
}
/// Indicates the "Access-Control-Xyz" headers to send.
and CorsAllows =
{
Origins : seq<string>
Methods : seq<string>
Headers : seq<string>
ExposeHeaders : seq<string>
MaxAge : option<int>
Credentials : bool
}
module Content =
/// Respond to a Cross-Origin checked request.
val Cors : Cors<'EndPoint>
-> (CorsAllows -> CorsAllows)
-> ('EndPoint -> Async<Content<'OuterEndPoint>>)
-> Async<Content<'OuterEndPoint>>Example use: type ApiEndPoint =
| [<EndPoint "GET /item">] GetItem of int
| [<EndPoint "POST /item"; Json "data">] PostItem of data: Data
| [<EndPoint "PUT /item"; Json "data">] PutItem of data: Data
type MainEndPoint =
| [<EndPoint "GET /">] Home
| [<EndPoint "/">] Api of Cors<ApiEndPoint>
let Website = Application.MultiPage (fun ctx endpoint ->
match endpoint with
| Home -> // ...
| Api cors ->
Content.Cors cors
<| fun allows -> // [1]
{ allows with
Origins = ["*"]
Headers = ["Content-Type"; "Authorization"] }
<| function
| GetItem it -> // ...
| PostItem it -> // ...
| PutItem it -> // ...
)[1]: The |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Remoting already handles CORS; we need to add an API to indicate that a Sitelet endpoint should handle CORS. Maybe with a
[<Cors>]attribute on the endpoint?Requested on the forums.
The text was updated successfully, but these errors were encountered: