rstudio/plumber

@filter cors for DELETE

Open

#409 opened on Apr 3, 2019

View on GitHub
 (4 comments) (2 reactions) (0 assignees)R (1,437 stars) (257 forks)batch import
difficulty: noviceeffort: mediumhelp wanted

Description

The filter mentioned in #143 works for GET requests, but is not active for DELETE. When I convert my DELETE to a (misnomed) GET, everything is fine.

#* @filter cors
cors <- function(res) {
  res$setHeader("Access-Control-Allow-Origin", "*")
  plumber::forward()
}

Contributor guide

Tech stack
None
Domain
backendapi
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
2
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
under 1 hour
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
clear
Prerequisites
R programmingplumber basics
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
50
Research direction
The issue reports that the @filter cors only applies to GET requests but not DELETE. To fix, examine the filter registration in plumber's source code, likely in the plumber package's R/filter.R or similar. Look for where the @filter handler is attached to routes; it may need to be applied to all HTTP methods (or at least DELETE). Check if there is a conditional based on request method, and extend to include DELETE. Also verify with a test that DELETE requests receive the CORS headers.