search

krakenjs / hapi-openapi

Build design-driven apis with OpenAPI (formerly swagger) 2.0 and hapi.
Other
211 stars 75 forks source link

CORS #22

Closed MattiSG closed 9 years ago

MattiSG commented 9 years ago

I need to enable CORS to serve my Swagger API. I don't see how I can do this with swaggerize-hapi at the moment.

Since this seems to me to be a fairly common use-case for a webservice library, I'd like to discuss the different implementation options before opening a PR.

I see two independent choices in the implementation.

Activation: specific or generic

How will the user activate CORS in swaggerize-hapi? I see two options:

  1. Add a generic “pass this to Hapi” config option. Less obvious for what is probably a common use-case, but more future-proof and possibly solving other issues that may arise. This options object would be merged with the generated route definition, probably here.
  2. Add a “cors” config option that is manually added to the route definition. Easier to document.

    Default value

  3. true: enable CORS by default for Swagger routes, considering this is a webservice library.
  4. false: let the user opt-in. Keeps current behaviour, but means the user has to understand why the thing he made does not work, and to learn about CORS.

I'm in favour of generic + default to true, as that's the combination that puts the less burden on both user and maintainer.

tlivings commented 9 years ago

Yeah, at the moment there isn't a way to pass additional config to swaggerized routes but there needs to be (some sort of config merge). The trick is definitely finding the least painful place to specify it.

Thanks for bringing this up. Will do some experiments and see what shakes out.

tlivings commented 9 years ago

Fixed in swaggerize-hapi@1.0.0-rc.3