Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS and pre-flight OPTIONS requests. #63

Open
VictorioBerra opened this issue Dec 11, 2018 · 4 comments
Open

CORS and pre-flight OPTIONS requests. #63

VictorioBerra opened this issue Dec 11, 2018 · 4 comments
Labels
help wanted

Comments

@VictorioBerra
Copy link

Are OPTIONS action needed for CORS pre-flight requests?

See here: https://github.com/Dotnet-Boxed/Templates/blob/master/Source/Content/ApiTemplate/Controllers/CarsController.cs#L24-L64

        /// <summary>
        /// Returns an Allow HTTP header with the allowed HTTP methods.
        /// </summary>
        /// <returns>A 200 OK response.</returns>
        [HttpOptions]
        [SwaggerResponse(StatusCodes.Status200OK, "The allowed HTTP methods.")]
        public IActionResult Options()
        {
            this.HttpContext.Response.Headers.AppendCommaSeparatedValues(
                HeaderNames.Allow,
                HttpMethods.Get,
                HttpMethods.Head,
                HttpMethods.Options,
                HttpMethods.Post);
            return this.Ok();
        }

        /// <summary>
        /// Returns an Allow HTTP header with the allowed HTTP methods for a car with the specified unique identifier.
        /// </summary>
        /// <param name="carId">The cars unique identifier.</param>
        /// <returns>A 200 OK response.</returns>
        [HttpOptions("{carId}")]
        [SwaggerResponse(StatusCodes.Status200OK, "The allowed HTTP methods.")]
        public IActionResult Options(int carId)
        {
            this.HttpContext.Response.Headers.AppendCommaSeparatedValues(
                HeaderNames.Allow,
                HttpMethods.Delete,
                HttpMethods.Get,
                HttpMethods.Head,
                HttpMethods.Options,
                HttpMethods.Patch,
                HttpMethods.Post,
                HttpMethods.Put);
            return this.Ok();
        }
@VictorioBerra
Copy link
Author

I think maybe they are only needed for swagger doc.

@VictorioBerra
Copy link
Author

Wait no... I think you have to manually have this to respond to OPTIONS requests and that is not built into MVC. Why dont we have these?

@VictorioBerra VictorioBerra reopened this Dec 11, 2018
@adamhathcock
Copy link
Collaborator

Browsers do preflight checks but it wasn't part of the API spec (or I didn't see it when I originally did the work). PRs welcome.

@VictorioBerra
Copy link
Author

Do we have help-wanted or up-for-grabs labels?

dotnet/AspNetCore.Docs#7268 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adamhathcock @VictorioBerra