Cup and CORS

[Philippe Fuentes]

Hi everybody,

Did anyone manage to use Cup with CORS ?

When I try to upload files using Cup, I send OPTIONS http request instead of POST

Thank you

Philippe

[Ross Boucher]

OPTIONS is the first step in the CORS process. Your server needs to respond with the appropriate headers before the POST can occur.

--
You received this message because you are subscribed to the Google Groups "Cappuccino & Objective-J" group.
To unsubscribe from this group and stop receiving emails from it, send an email to objectivej+...@googlegroups.com.
To post to this group, send email to objec...@googlegroups.com.
Visit this group at http://groups.google.com/group/objectivej.
For more options, visit https://groups.google.com/d/optout.

[Philippe Fuentes]

For my webservice access, I already work around CORS by avoiding "pre-flighting" in the process, following Fred Potter solution in the following thread:

https://groups.google.com/forum/#!topic/objectivej/zuQOLruJECE

It works fine, I add:

Header add Access-Control-Allow-Origin "*"
server side in my .htaccess and prepare my request by doing the following:

    [[request allHTTPHeaderFields] removeAllObjects];

    [request setHTTPMethod:@"POST"];

I'd like to keep the same logic using Cup, does that make sens ?

Thanks for ur reply

[Ross Boucher]

It may be useful to read up on the full documentation for CORS somewhere like:

http://www.html5rocks.com/en/tutorials/cors/

But, more specifically, I'd inspect the requests in the network tab of the web inspector. It will tell you what headers are being sent that were unexpected (see Access-Control-Request-Headers).

--

[Andrew Hankinson]

There is a pending pull request that deals specifically with enabling CORS on CPURLRequest:

https://github.com/cappuccino/cappuccino/pull/2272

It’s currently in the queue, waiting for someone to have time to review it.

With this patch, however, you can do the following:

var req = [CPURLRequest requestWithURL:”http://example.com”]

[req setWithCredentials:YES]

[[CPURLConnection alloc] initWithRequest:req delegate:self startImmediately:YES];

This should take care of setting the CORS request headers, etc.

See this file for an expanded example:

https://github.com/ahankinson/cappuccino/blob/642dc36c4197dcf06ecdf097ca5e9884852b9b6e/Tests/Manual/CrossOriginTest/AppController.j

-Andrew

[Philippe Fuentes]

Ok, thanks for this info.

however, as stated above, I have no problem working with CORS using CPURLRequest (removing all headers [[request allHTTPHeaderFields] removeAllObjects];)

I guess I'll have to deep into Cup to find a way to make it work with CORS.

Thanks

[Todd Freese]

I use CORS and Cup.

It's been a while since I set it up, but I know I had to add this into my apache config.

# Setup CORS.

<files index.php>

<IfModule mod_headers.c>

Header set Access-Control-Allow-Origin "*"

Header set Access-Control-Allow-Methods "POST, OPTIONS"

Header set Access-Control-Allow-Headers "Content-Type, Content-Range, Content-Disposition, Content-Description"

</IfModule>

</files>

Works great.

Todd

[Philippe Fuentes]

Very interesting, thank you, so Cup has nothing to do with my problem.

Will go further and update this post when I find what I'm doing wrong.

Thank you all

[Todd Freese]

I believe it has more to do with if your site is be served from one server and your trying to upload to another server you would need CORS to allow it.

Todd

[Philippe Fuentes]

Ok got it...

Cup server side (UploadHandler.php in my case) defines by default the header Access-Control-Allow-Origin to "*", 

And I was also doing it in my .htaccess

Had to disable this default definition by specifying custom option:

 $options = array(   'upload_dir' => $currentTargetPath.'/files/',
                     'access_control_allow_origin' => null);


 $uploadHandler = new UploadHandler($options);

Thank u all for your feedbacks, saved me some time, was not on the right direction :)

Philippe