Closed trestletech closed 7 years ago
I'm not sure this is the right place to ask, but I need to opt-in to a permissive CORS behavior, allowing a cross-origin request, but I'm not sure how to do that.
Following https://github.com/trestletech/plumber/issues/66, I've added this to my plumber.R
file:
#* @filter cors
cors <- function(res) {
res$setHeader("Access-Control-Allow-Origin", "*")
plumber::forward()
}
And then this before my endpoints:
#* @preempt cors
#* @get /protected
protected <- function(adresse) {
...
}
but, as per http://resttesttest.com/, the request is still blocked when requested from the browser. Could you point me to a way to fix this? Thanks!
OK, don't worry, I've understood that I need to remove the @preempt
lines.
Hi, I currently have the same issue as @joelgombin. I also have followed what in #66 is explained but I can not avoid the CORS error. What do you mean when you (@joelgombin) say "I need to remove the @preempt lines"? Could you put the same example but working?
Thank You beforehand
Your script needs to look like this:
#* @filter cors
cors <- function(res) {
res$setHeader("Access-Control-Allow-Origin", "*")
plumber::forward()
}
#* @get /protected
protected <- function(adresse) {
...
}
Thank You for answering so fast!! It has been useful for me!!
Currently Plumber defaults to provide a
Access-Control-Allow-Origin=*
HTTP header unless it's overridden. This opens Plumber APIs up to be requested from a browser from any origin when the request is a simple GET, HEAD, or POST using the standard HTTP headers.This should be backed down from unless the user opts-in to permissive CORS behavior.