CORSMiddleware: Creates CORS middleware object

Description

Adds CORS to Application. CORS Middleware out of the box in RestRserve to turn on/off the CORS Headers on preflight validation from the browser.

Cross Origin Resource Sharing is an additional security check done by moderns browsers to avoid request between different domains. To allow it RestRserve has easy way to enable your CORS policies. By default CORS policies are disabled. So if any request is coming from a different domain will be blocked by the browser as default because RestRserve will not send the headers required by the browser to allow cross site resource sharing. You can change this easy just by providing CORSMiddleware as middleware to the Application.

This class inherits from Middleware.

Arguments

Format

R6::R6Class object.

Construction

CORSMiddleware$new(routes, match = "exact", id = "CORSMiddleware")

routes :: character() Routes paths to protect.
match :: character() How routes will be matched: exact or partial (as prefix).
id :: character(1) Middleware id

References

MDN

Examples

Run this code

# NOT RUN {
app = Application$new(middleware = list(CORSMiddleware$new()))
app$add_post(path = "/hello", FUN = function(req, res) {
  res$set_body("Hello from RestRserve!")
})
app$add_route("/hello", method = "OPTIONS", FUN = function(req, res) {
 res$set_header("Allow", "POST, OPTIONS")
})
req = Request$new(
  path = "/hello",
  headers = list("Access-Control-Request-Method" = "POST"),
  method = "OPTIONS"
)
app$process_request(req)

# }