jaguar_cors 3.0.2 jaguar_cors: ^3.0.2 copied to clipboard
CORS interceptor for Jaguar. Use Cors interceptor and CorsOptions configuration class to add CORS support to Jaguar server applications.
jaguar_cors #
CORS interceptor for Jaguar.dart servers
Example #
A complete example can be found here.
library main;
import 'dart:async';
import 'package:jaguar/jaguar.dart';
import 'package:jaguar_cors/jaguar_cors.dart';
static const corsOptions = const CorsOptions(
allowedOrigins: const ['http://mine.com'],
allowAllHeaders: true,
allowAllMethods: true);
@Api(path: '/api')
class Routes extends Object with CorsHelper {
@Route(methods: const ['GET', 'OPTIONS'])
Response<String> get(Context ctx) {
cors(ctx);
if(ctx.req.method != 'GET') return null;
return Response.json('Hello foreigner!');
}
@Route(methods: const ['POST', 'OPTIONS'])
Future<Response<String>> post(Context ctx) async {
cors(ctx);
if(ctx.req.method != 'POST') return null;
return Response.json(await ctx.req.bodyAsJson());
}
}
main() async {
final server = Jaguar(port: 9000);
server.addApi(reflect(Routes()));
server.log.onRecord.listen(print);
await server.serve();
}
Docs #
Configuring Cors interceptor #
CorsOptions is used to configure cors
Interceptor.
- allowedOrigins
List<String>
: A list of origins a cross-domain request can be executed from. Setting [allowAllOrigins] to [true] overrides [allowedOrigins] and allows all origins. - allowAllOrigins
bool
: Allows all origins. If set totrue
, overrides allowedOrigins option. - allowedMethods
List<String>
: A list of methods the client is allowed to use with cross-domain requests. Default value is simple methods (GET
andPOST
). - allowAllMethods
bool
: Allows all methods. If set totrue
, overrides allowedMethods option. - allowedHeaders
List<String>
: A list of non simple headers the client is allowed to use with cross-domain requests. - allowAllHeaders
bool
: Allows all headers. If set totrue
, overrides allowedHeaders option. - exposeHeaders
List<String>
: Indicates which headers are safe to expose to the API of a CORS API specification - exposeAllHeaders
bool
: Exposes all headers. If set totrue
, overrides exposeHeaders option. - allowCredentials
bool
: Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates. The default isfalse
. - maxAge
int
: Indicates how long (in seconds) the results of a preflight request can be cached. The default is0
which stands for no max age. - vary
bool
: - allowNonCorsRequests
bool
: Should non-CORS requests be allowed?
See API documentation for more info.
Example #
static const options = const CorsOptions(
allowedOrigins: const ['http://mine.com'],
// allowedHeaders: const ['X-Requested-With'],
allowAllHeaders: true,
allowAllMethods: true);
Wrapping the Cors interceptor #
The cors
interceptor itself is simple to use. It accepts a CorsOptions
object as configuration.
Note:
- Make sure that the route handler method/function accepts OPTIONS method.
- If same route handler method/function is used to handle both preflight and actual route, the actual route body is skipped during preflight requests
@Route(methods: const ['GET', 'OPTIONS'])
Response<String> get(Context ctx) {
cors(ctx);
if(ctx.req.method != 'GET') return null; // Skips for preflight requests
return Response.json('Hello foreigner!');
}
Example #
@Route(methods: const ['GET', 'OPTIONS'])
Response<String> get(Context ctx) {
cors(ctx);
if(ctx.req.method != 'GET') return null;
return Response.json('Hello foreigner!');
}