search

drogonframework / drogon

Drogon: A C++14/17/20 based HTTP web application framework running on Linux/macOS/Unix/Windows
MIT License
11.44k stars 1.1k forks source link

CORS Policy blocked request with json object #1613

Closed Assowavesss closed 1 year ago

Assowavesss commented 1 year ago

I got this error : image With the following code The url of my front end is http://localhost:3000

ADD_METHOD_TO(
                AccountCtrl::getAccountByLoginData,
                "/v1/account/sign-in",
                Post,
                Options,
                "drogon::famy_account::filter::SignInFilter"
);

And I added this function in the main to handle the cors policy

 drogon::app()
        .registerPostHandlingAdvice(
            [](const drogon::HttpRequestPtr &req, const drogon::HttpResponsePtr &resp) {
            //LOG_DEBUG << "postHandling1";
            resp->addHeader("Access-Control-Allow-Origin", "*");
        })

Here is my axios post method

await axios.post<Expected<VerifyExpected>> (
                'http://localhost:81/v1/account/sign-in',
                 {email: 'jonathan.elbaz92@gmail.com'},
                 { headers: { 'content-type': 'application/json'}}
            );

PS: I don't know why but, I have no cors error with this handler

ADD_METHOD_TO(
                AccountCtrl::getOne,
                "/v1/account/{1}",
                Post,
                Options
            );

When I delete the filter, it works. Should handle the cors inside filter for option method ? or the api should make this for me ?

Please help me !

an-tao commented 1 year ago

If the filter rejects your request, the post-processing advice will not be invoked, as shown in the image below:

AOP

You could try to add the header to responses in the filter callback, or use the PreSendingAdvice.

Assowavesss commented 1 year ago

Yes I saw this schema earlier, I have just find a way.

Here is my original filter

void SignInFilter::doFilter(const HttpRequestPtr& req,
        FilterCallback&& fcb,
        FilterChainCallback&& fccb)
    {

        if (const auto& jsonRequest = req->getJsonObject();
            jsonRequest &&
            jsonRequest->size() == mandatoryLineNumber &&
            jsonRequest->isMember(Account::Cols::_email) 
            )
        {

            fccb();
        }
        else
        {
            fcb(createHttpResponse(std::move(createJsonResponse(
                std::make_pair("code", "UNAUTHORIZED"),
                std::make_pair("message", "Unauthorized access")
                )),
                k401Unauthorized
            ));
        }
    }

I just add a verification for option method

void SignInFilter::doFilter(const HttpRequestPtr& req,
        FilterCallback&& fcb,
        FilterChainCallback&& fccb)
    {

        if (const auto& jsonRequest = req->getJsonObject();
            req->method() == Options || /* Just here */
            jsonRequest &&
            jsonRequest->size() == mandatoryLineNumber &&
            jsonRequest->isMember(Account::Cols::_email) 
            )
        {

            fccb();
        }
        else
        {
            fcb(createHttpResponse(std::move(createJsonResponse(
                std::make_pair("code", "UNAUTHORIZED"),
                std::make_pair("message", "Unauthorized access")
                )),
                k401Unauthorized
            ));
        }
    }

And fixed my issue but I have to keep this code in the main

  drogon::app()
        .registerPostHandlingAdvice(
            [](const drogon::HttpRequestPtr &req, const drogon::HttpResponsePtr &resp) {
            //LOG_DEBUG << "postHandling1";
            resp->addHeader("Access-Control-Allow-Origin", "*");
        })