Add header

[whit...@gmail.com]

Hi,

How can i add an "Access-Control-Allow-Origin" header?

Thank you
Urs

[Peter Širka]

Hello,

here is full example: https://github.com/totaljs/examples/tree/master/cors

Thanks!

[whit...@gmail.com]

Hi Peter

Tried one more hour today, unfortunately still can't get it to work...

=======
exports.install = function(framework) {
framework.route('/auth/login', auth_login, ['post', 'xhr']);
};

function auth_login() {
var self = this;
if (!self.cors('*', ['POST'])) {
self.json({foo: 'Not allowed'});
return;
}

self.json({ foo: 'Bar' });
}
=======

If i do a:
curl -X OPTIONS -ik 'http://localhost:8000/auth/login' -H "Origin: http://localhost:9000"

I get:
HTTP/1.1 404 Not Found

What's wrong with it?

Thanks
Urs

[Peter Širka]

Hi Urs,

- your request doesn't contain POST method and XMLHttpRequest (XHR).

- framework doesn't support OPTIONS method (but new version will support :-D)

Solution:

framework.route('/auth/login', auth_login, ['post']);

curl -X POST -ik 'http://localhost:8000/auth/login' -H "Origin: http://localhost:9000"

Thanks!

[whit...@gmail.com]

I had "post" only before, but played around a lot. Only used curl as an example. The app is running in a browser of course.

So, Chrome sends a preflight CORS request because I'm doing a cross domain request, which total.js can't handle?

When will it be supported?

[Peter Širka]

This must work. All it's OK, but framework doesn't support OPTIONS flag attribute now.

Please write me an example of client-side demo with CORS request and I'll write a server side example, ok?

Thanks :-)

[whit...@gmail.com]

Hi Peter,

That would be amazing!

You can get the whole package here:
https://drive.google.com/file/d/0ByPglfVV0LufT1AycWtPaFNfM2c/edit?usp=sharing

It's 27MB because it includes the whole angular setup done by yeoman.

server runs on port 8000.

You can start the client with "grunt serve", or may use the content of the "dist" folder on an other webserver ("grunt serve" runs on port 9000).

Thank you very much
Urs

[Peter Širka]

Hi Urs,

I found a big problem with CORS, but I fixed it (THANKS).

Example in attachment contains new version of total.js (unpublished), please try to test it and give me your feedback.

Thanks!

[whit...@gmail.com]

Hi Peter,

I have to thank YOU!

Looks good so far. Very nice. Should have a bit more time tomorrow.

Thanks
Urs

[Hasan A Yousef]

Hi Peter,

I've this HTML that is running outside the server

<!DOCTYPE html>

<html>

<body>

<div id="demo"><h2>Let AJAX change this text</h2></div>

<button type="button" onclick="loadDoc()">Change Content</button>

<script>

function loadDoc() {

  var xhttp = new XMLHttpRequest() ,

       method = 'POST' , 

  url = 'http://localhost:8000/';

  xhttp.onreadystatechange = function() {

    if (xhttp.readyState == 4 && xhttp.status == 200) {

      document.getElementById("demo").innerHTML = xhttp.responseText;

    }

  }

  xhttp.open( method , url , true );

  xhttp.send([{"itemcode":"03300-SF-5098-0"},{"itemcode":"03300-SF-5098-0"}]);

}

</script>

</body>

</html>

my controller.j is:

exports.install = function() {

   F.route('/', json_users, ['post']);

};

function json_users() {

    var self = this;

    var sql = DB();

    console.log(self.cors('Access-Control-Allow-Origin','*'));

    

        if (!self.cors('Access-Control-Allow-Origin','*')) {

        self.json({ flash: 'Not allowed' });

        return;

    }

    

 console.log('post'+self.post);

}

and it gave me this error:

XMLHttpRequest cannot load http://localhost:8000/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.