Menu
▾
▴
Re: [Naviserver-users] OPTIONS method
|
From: Decent E. <dec...@gm...> - 2025-11-07 11:10:18
|
I wanted to report back that I needed to add "Authorization" to
Access-Control-Allow-Headers in order for HTTP AUTH to be permitted.
And now we have a CORS compliant API we've tested is indeed working.
# Simple CORS-style preflight handler
ns_register_proc OPTIONS /support/api/* {
ns_set put [ns_conn outputheaders] Access-Control-Allow-Origin "*"
ns_set put [ns_conn outputheaders] Access-Control-Allow-Methods "GET,
POST, OPTIONS"
ns_set put [ns_conn outputheaders] Access-Control-Allow-Headers
"Content-Type, Authorization, X-Requested-With"
ns_return 204 text/plain ""
}
On Fri, Nov 7, 2025 at 4:58 PM Gustaf Neumann (sslmail) <ne...@wu...>
wrote:
> The following should work:
>
> # Simple CORS-style preflight handler
> ns_register_proc OPTIONS /api/* {
> ns_set put [ns_conn outputheaders] Access-Control-Allow-Origin "*"
> ns_set put [ns_conn outputheaders] Access-Control-Allow-Methods "GET,
> POST, OPTIONS"
> ns_set put [ns_conn outputheaders] Access-Control-Allow-Headers
> "Content-Type, X-Requested-With"
> ns_return 204 text/plain ""
> }
>
>
> -g
>
> On 07.11.2025, at 09:31, Decent Espresso <dec...@gm...> wrote:
>
> I’m being asked why naviserver doesn’t seem to support the OPTIONS method,
> which CORS can occasionally use.
>
> Perhaps it does, and I haven’t configured it?
>
> curl -X OPTIONS http://decentespresso.com
> <!DOCTYPE html>
> <html lang='en'>
> <head>
> <meta charset='UTF-8'>
> <meta name='viewport' content='width=device-width, initial-scale=1.0'>
> <title>Method Not Allowed</title>
> </head>
> <body>
> <h2>Method Not Allowed</h2>
> The requested method is not allowed on this server.
> <p style='text-align: right; font-size: small; font-style: italic;'>
> NaviServer/5.0.1
> </p>
>
> </body>
>
>
> _______________________________________________
> Naviserver-users mailing list
> Nav...@li...
> https://lists.sourceforge.net/lists/listinfo/naviserver-users
>
>
>
|
