Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rest: HTTP OPTIONS calls are fetching resources. #202

Open
smyrman opened this issue Sep 26, 2018 · 1 comment
Open

rest: HTTP OPTIONS calls are fetching resources. #202

smyrman opened this issue Sep 26, 2018 · 1 comment
Labels
enhancement

Comments

@smyrman
Copy link
Collaborator

smyrman commented Sep 26, 2018
edited
Loading

It seams like an HTTP OPTIONS call will fetch resources if you do an OPTIONS call against a nested resource. E.g.:

http OPTIONS :8080/parents/123/children

Will result in a Find call against resource parents for items with ID 123. This does not seam like the right behavior.
@smyrman
Copy link
Collaborator Author

smyrman commented Oct 1, 2018

One question is if the Handler for index should handle options requests at all, or if we should have a completely different options handler. This would allow for OPTIONS requests to bypass authentication for instance.

We found a good order of middelware to be:

  1. Authenticate user token and set user in context if succesfull. Call next handler either way.
  2. Access log middleware
  3. CORS handler, pass through OPTIONS requests.
  4. OPTION handler for a resource.Index
  5. Require login barrier -- only pass through if authenticated.
  6. API handler for the same resource.Index

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@smyrman