search

r0man / ring-cors

Ring middleware for Cross-Origin Resource Sharing.
http://github.com/r0man/ring-cors
169 stars 44 forks source link

Cors headers not returned when invalid input #26

Closed Freid001 closed 6 years ago

Freid001 commented 6 years ago

When I post an invalid body to the POST endpoint, the response is missing cors headers. But, when I set a valid body {item: true} the response does include cors headers. How do I get the cors headers to be included when there is a bad request? Are CORS headers only added when the request is allowed?

(defn- bad-request-handler
  "Handles bad requests."
  [f]
  (f
    (ring/response {:status "bad request"})))

(def app
  (api
    {:exceptions {:handlers
                          {::ex/request-validation (bad-request-handler response/bad-request)}}}

    (POST "/" [] :body [item {(schema/required-key :item) schema/Bool}]
             :middleware [#(wrap-cors % :access-control-allow-origin [#".*"]
                                      :access-control-allow-methods [:post])]
             :responses {200 {:description "ok"}
                         400 {:description "bad request"}} item)))