r0man / ring-cors

Ring middleware for Cross-Origin Resource Sharing.
http://github.com/r0man/ring-cors
169 stars 44 forks source link

Support for Access-Control-Allow-Credentials header #14

Closed shen-tian closed 8 years ago

shen-tian commented 8 years ago

As far as I can tell, this library doesn't support the Access-Control-Allow-Credentials header (it doesn't support Access-Control-Expose-Headers and Access-Control-Max-Age either).

Is this a design decision, or are you open to contributions to add these?

r0man commented 8 years ago

@shen-tian Take a look at the tests. This should work. https://github.com/r0man/ring-cors/blob/master/test/ring/middleware/cors_test.clj#L150

shen-tian commented 8 years ago

Aha. That works. Thanks! If anyone else is interested, usage:

(def app 
  (-> app-routes
      (wrap-cors :access-control-allow-origin [#"https://example.com"]
                 :access-control-allow-methods [:get]
                 :access-control-allow-credentials "true")
      other-middleware))