Reproduce CORS missing headers

spiral-project / daybed

Form validation and data storage API

http://daybed.rtfd.org/

BSD 3-Clause "New" or "Revised" License

53 stars 8 forks source link

Closed leplatrem closed 9 years ago

leplatrem commented 9 years ago

As a good start, ticket #48 is reproduced in a test case :)

almet commented 9 years ago

Sweet, that will help :)

Natim commented 9 years ago

Note that we also probably want forbidden 401 to return JSON.

Natim commented 9 years ago

Natim commented 9 years ago

The problem is that if we provide the Authorization header that doesn't validates for any reason, pyramid and pyramid_hawk stops the request.

I am not sure about the strategy:

Should we make sure daybed.js or backbone-daybed doesn't send the Authorization header for OPTIONS request's types.
Should we allow daybed to answer OPTIONS calls even if the Authorization header is broken?

What do you guys think?

almet commented 9 years ago

headers aren't sent in this particular case, but that's not the only problem.

I was working on a patch about that yesterday, but still a work in progress.

almet commented 9 years ago

(the missing header is the ORIGIN one, since self.headers isn't sent as part of the request)

almet commented 9 years ago

This latest changes should fix it.

Hope the code explains itselfs enough :)

almet commented 9 years ago

updated.

leplatrem commented 9 years ago

Great! Thanks!