Skip to content

CORS

Jump to bottom
Ravi Teja Gudapati edited this page Jan 9, 2019 · 8 revisions

CORS support for Jaguar is provided by jaguar_cors package.

jaguar_cors packages provides Cors interceptor to add CORS support to routes. Cors interceptor is configured by CorsOptions class.

Here is a simple example:

final options = CorsOptions(
    allowedOrigins: ['http://example.com', 'http://example1.com'],
    allowAllMethods: true,
    allowAllHeaders: true);
server.get('/origins', (_) => 'origins', before: [Cors(options)]);

jaguar_cors package exposes a convenience method cors for usage in Jaguar Controllers:

@GenController(path: '/api')
class Routes extends Controller {
  @HttpMethod(methods: const ['POST', 'OPTIONS'])
  Future<Response<String>> post(Context ctx) async {
    if (ctx.req.method != 'POST') return null;
    return Response.json(await ctx.bodyAsJson());
  }

  @override
  void before(Context ctx) {
    cors(ctx, corsOptions);
  }
}

Configuration

Cors interceptor is configured by CorsOptions class. CorsOptions class provides various fields/parameters to configure which requests are allowed on the route.

HTTP method

By default, all HTTP methods are disallowed. allowedMethods parameter lets you configure which HTTP methods are allowed on this route when a cross-origin request is made. allowAllMethods generously allows all methods.

Origin

By default, all origins are disallowed. allowedOrigins parameter lets you configure which origins are allowed on this route when a cross- origin request is made. allowAllOrigins generously allows requests from all origins.

Headers

By default, all headers are disallowed. allowedHeaders parameter lets you configure which headers are allowed to be sent to this route when a cross- origin request is made. allowAllHeaders generously allows all headers to be sent.

Response headers

By default, all response headers are hidden. exposeHeaders parameter lets you configure which response headers are exposed when a cross- origin request is made. exposeAllHeaders generously exposes all response headers.

Examples

Whats next?

While you are at security, take a look at how Jaguar solves HTTPS.

Basics

Serialization

Forms

Sessions

Authentication

  • Basic authentication
  • Form authentication
  • JSON authentication
  • Authorization
  • OAuth

Database

Security

Real time

  • Server sent events (SSE)
  • Websockets

Deployment

  • systemd
  • Docker
  • AppEngine

API Documentation

Clone this wiki locally