[99s-extend] Cowboy CORS

Phillips, Christopher Christopher.Phillips at turner.com
Fri Apr 19 17:08:03 CEST 2013


  When querying to the VM from a browser, is Chrome complaining that it's a cross domain request in the console? Or something else?

  Is the OPTIONS request firing and failing, or is it the POST that is failing (in the network tab)?

  If it's working in a cross origin context for you locally across different domains (I.e., the browser is sending the CORS headers on the request, and you're seeing the right headers on the response, and the browser is handling them properly, such that you can retrieve the response from your Javascript), then it seems unlikely to be a CORS issue, but maybe a config or proxy or code issue in your handler.


From: Lee Sylvester <lee.sylvester at gmail.com<mailto:lee.sylvester at gmail.com>>
Date: Friday, April 19, 2013 10:47 AM
To: "extend at lists.ninenines.eu<mailto:extend at lists.ninenines.eu>" <extend at lists.ninenines.eu<mailto:extend at lists.ninenines.eu>>
Subject: [99s-extend] Cowboy CORS

Hi guys,

So, I thought I had this resolved, as I managed to get it working locally, but across different local domains (test.localhost.com<http://test.localhost.com> and cowboy.localhost.com<http://cowboy.localhost.com>).  However, now I've deployed my app to a VM, I simply can't get CORS working in Cowboy.  Here's the OPTIONS response from Chrome's console:



  1.
Request URL:
http://www.example.com/
  2.
Request Method:
OPTIONS
  3.
Status Code:
200 OK
  4.  Request Headersview source
     *
Accept:
*/*
     *
Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.3
     *
Accept-Encoding:
gzip,deflate,sdch
     *
Accept-Language:
en-US,en;q=0.8
     *
Access-Control-Request-Headers:
origin, method, content-type
     *
Access-Control-Request-Method:
POST
     *
Connection:
keep-alive
     *
Host:
www.example.com<http://www.example.com>
     *
Origin:
http://test.localhost.com:8889
     *
Referer:
http://test.localhost.com:8889/
     *
User-Agent:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31
  5.  Response Headersview source
     *
Access-Control-Allow-Headers:
Content-Type, X-Requested-With, Origin, Method
     *
Access-Control-Allow-Methods:
GET, POST, OPTIONS
     *
Access-Control-Allow-Origin:
*
     *
connection:
keep-alive
     *
content-length:
0
     *
date:
Fri, 19 Apr 2013 14:40:00 GMT
     *
server:
Cowboy

And then this is the POST response:


  1.
Request URL:
http://www.example.com/
  2.  Request Headersview parsed
     *   POST http://www.example.com/ HTTP/1.1 Origin: http://test.localhost.com:8889 Referer: http://test.localhost.com:8889/ method: POST http://www.example.com/ HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.65 Safari/537.31 content-type: application/x-www-form-urlencoded
  3.  Form Dataview parsed
     *   data={"Type":"auth_request","Authentication":"public","Authorization":null,"Domain":"www.example.com<http://www.example.com>","Application":"test_app","Ident":"lee"}

I am setting {<<"Access-Control-Allow-Origin">>, <<"*">>} in the headers param of cowboy_req:reply and the cowboy_req:set_resp_header, but neither seems to be working.  Can anyone spot what I might be doing wrong?

The cowboy_req:set_resp_header is happening in the handle… So

handle(Req, State) ->
Reply = case cowboy_req:method(Req) of
{<<"POST">>, Req2} ->
Req3 = cowboy_req:set_resp_header(<<"Access-Control-Allow-Origin">>, <<"*">>, Req2),
[snip]


Thanks,
Lee

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ninenines.eu/archives/extend/attachments/20130419/383515dd/attachment.html>


More information about the Extend mailing list