Support for enabling only for develop environment

appcela / grails3-cors-interceptor

Add Cross-Origin Resource Sharing (CORS) headers for Grails 3 applications.

MIT License

10 stars 2 forks source link

Support for enabling only for develop environment #1

Closed kuceram closed 9 years ago

kuceram commented 9 years ago

It would be nice to have a configuration for switching CORS interceptor on and off. Than it would be easy to turn it on only for development.

ichangxappcela commented 9 years ago

Added new configuration settings 'includeEnvironments' and 'excludeEnvironments'. Please see README for details.

kuceram commented 9 years ago

Works nice, thanks!

ichangxappcela commented 9 years ago

:smile:

pangeaos commented 9 years ago

Good job

How is this work?

I wrote this in application.yml: corsInterceptor: includeEnvironments: ['development', 'test', 'production'] excludeEnvironments: ['production'] allowedOrigins: ['domain.com']

It seems that all origins can access even localhost. I would like to have only access to domain.com. Is it missing something? thanks in advance

ichangxappcela commented 9 years ago

@barcelona23 , your configuration looks good to me, except that you don't need to include "production" environment in both places.

corsInterceptor:
    includeEnvironments: ['development', 'test']
    excludeEnvironments: ['production']
    allowedOrigins: ['domain.com']

And when you make requests to your Grails app, you'll need to make sure your requests contain Origin header with value domain.com to match your CORS interceptor setting.

Other than that it should just work. You can also check the test cases for clues.