OPTIONS, Preflight and JWT

Derek B

Jul 14, 2017, 12:17:06 AM
to Taffy Users
I am building an Ionic3/Angular/Cordova app. I am also using JSON Web Tokens and sending them in the Authorization header.

Angular is sending a preflight OPTIONS request but according to the spec, OPTIONS requests don't send any authorization requests, so the preflight is failing.
Is there a way to make any options requests return 200?


Derek B

Jul 14, 2017, 12:38:14 AM
to Taffy Users
I believe I got it since it works.
onTaffyRequest()
            if(verb contains "options") {
                return rep({status: "OK"}).withStatus(200, "OK");
            }

I tried verb eq with no luck, not sure what else is in there. Tried noData() with no luck. Settled on this.

Adam Tuttle

Jul 14, 2017, 4:21:22 PM
to Taffy Users
This setting is what you're looking for:


Sorry I can't be more verbose. I'm in the Pennsylvania wilderness for the remainder of the week.

--
You received this message because you are subscribed to the Google Groups "Taffy Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taffy-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Derek

Jul 14, 2017, 8:26:38 PM
to taffy...@googlegroups.com
Ya, it doesn't work. I already had that on.

Are you doing your checks before onTaffyRequest?

This is my onTaffyRequest.

        function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers){
            // need to satisfy CORS angular preflight checks
            // if(LCase(Trim(verb)) eq "options") {
            //     return rep({status: "OK"}).withStatus(200, "OK");
            // }
            //allow white-listed requests through
            if (listFindNoCase("authenticate,register",cfc)){
                return true;
            }

            /* Extract the token from the authorization header */
            /* auth header comes in the form of "Bearer <token>" */
            if (!structKeyExists(arguments,"headers") || !structKeyExists(arguments.headers,"authorization")
                 || (structKeyExists(arguments.headers, "authorization") && arguments.headers.authorization does not contain "Bearer")) {

                return newRepresentation().noData().withStatus(401, "Not Authenticated. Please log in.");

            } else {

                requestArguments.jwtToken = listLast(arguments.headers.authorization," ");

                if(!validateToken(requestArguments.jwtToken)){

                    return newRepresentation().noData().withStatus(403, "You do not have authorization to make this request. Please log in.");

                }
            }

            //if a token is included, and valid, allow the request to continue
            return true;
        }
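
One way to write the handler from this thread so that the preflight is answered before the JWT check, as an added example that is not part of the thread and not Taffy's own code. It assumes a constructed origin allowlist (`https://app.example.com`), Taffy's `withHeaders()` on the representation, and the poster's `validateToken()`, which the thread does not show.

```cfml
// Added example for Application.cfc; not code from the thread or from Taffy itself.
// Assumptions: allowedOrigins holds a constructed sample value, and validateToken()
// is the poster's own function, which the thread does not show.
function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers){
    var allowedOrigins = "https://app.example.com";
    var origin = structKeyExists(arguments.headers, "Origin") ? arguments.headers["Origin"] : "";
    var authHeader = "";

    // A preflight carries no Authorization header, so answer it before any token check.
    // Compare the verb exactly instead of using a substring match.
    if (compareNoCase(trim(arguments.verb), "OPTIONS") == 0){
        // An origin outside the allowlist gets no CORS headers, so the browser
        // never sends the real request.
        if (!len(origin) || !listFindNoCase(allowedOrigins, origin)){
            return newRepresentation().noData().withStatus(403, "Origin not allowed");
        }
        return rep({status: "OK"}).withStatus(200, "OK").withHeaders({
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
            "Access-Control-Allow-Headers": "Authorization, Content-Type",
            "Vary": "Origin"
        });
    }

    // Unauthenticated endpoints, as in the post above.
    if (listFindNoCase("authenticate,register", arguments.cfc)){
        return true;
    }

    // Require exactly "Bearer <token>": two space-separated parts, scheme first.
    if (structKeyExists(arguments.headers, "Authorization")){
        authHeader = trim(arguments.headers["Authorization"]);
    }
    if (listLen(authHeader, " ") != 2 || compareNoCase(listFirst(authHeader, " "), "Bearer") != 0){
        return newRepresentation().noData().withStatus(401, "Not Authenticated. Please log in.");
    }

    requestArguments.jwtToken = listLast(authHeader, " ");
    if (!validateToken(requestArguments.jwtToken)){
        return newRepresentation().noData().withStatus(403, "You do not have authorization to make this request. Please log in.");
    }
    return true;
}
```

The browser also expects `Access-Control-Allow-Origin` on the actual response, which this handler does not add.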
