Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CORS plugin supersedes OPTIONS endpoint mappings

See original GitHub issue

When enabling CORS, adding an endpoint handler for OPTIONS no longer works. Example:

val app = Javalin.create { config ->
  config.enableCorsForAllOrigins()
}.options("/test") { ctx -> ctx.result("test") }

app.start()

curl -X OPTIONS http://localhost:7000/test
# no value for response

Looking at the code, io.javalin.core.util.CorsPlugin adds both a before handler and an endpoint handler (for *). After the endpoint handler runs, the servlet ignores every other possible match for the route.

It is possible to work around this by adding an after handler to the desired path and testing for the OPTIONS method:

val app = Javalin.create { config ->
  config.enableCorsForAllOrigins()
}.after("/test") {
  if (ctx.method() == "OPTIONS") {
    ctx -> ctx.result("test")
  }
}

app.start()

curl -X OPTIONS http://localhost:7000/test
# test

But that feels contrived. I feel at least a warning in the docs about not being able to use OPTIONS endpoint handlers together with the CORS plugin would be nice, but ideally enabling CORS wouldn’t be so intrusive.

With regards to use-cases, RFC 7231 says that “the OPTIONS method requests information about the communication options available for the target resource” . In our case, we wanted to add some metadata to some tricky endpoint payloads, to make the life of API clients easier.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
tipsycommented, Aug 26, 2020

Yes, you are correct 😃

0reactions
tipsycommented, Aug 27, 2020

No worries, didn’t mean to rush you !

Read more comments on GitHub >

github_iconTop Results From Across the Web

Enabling Cross Origin Requests for a RESTful Web Service
This guide walks you through the process of creating a “Hello, World” RESTful web service with Spring that includes headers for Cross-Origin Resource ......
Read more >
Spring Boot enabling CORS by application.properties
I'm setting the CORS configuration using the applicantion.properties specified here. My basic configuration is: endpoints.cors.allow-credentials ...
Read more >
Cross-Origin Resource Sharing (CORS) Support for OIDC ...
CORS support with OIDC improves the secure access to OIDC endpoints from OIDC Client applications on other domains.
Read more >
CORS support for OAuth endpoints - 11.2 - Documentation
PingFederate supports cross-origin resource sharing (CORS) for several OAuth endpoints. ... Configuring attribute sources and user lookup for token mapping ...
Read more >
Configure Salesforce CORS Allowlist
Cross-Origin Resource Sharing (CORS) allows web browsers to request resources from other origins. For example, using CORS, the JavaScript for a web applic....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Expose correct matching path in `app.before()`

Next page

Logging: Include the bytes sent in request logging