Bundled CORS-support · metosin/reitit#236

(9 留言) (22 反應) (0 負責人)Clojure (1,569 star) (261 fork)batch import

enhancementhelp wanted

描述

Currently, a third party mw/interceptor is needed for CORS. There should be a fast default mw & interceptor for this. Those could be configured either via route data or via mw/interceptor options. Example data format from https://github.com/metosin/reitit/issues/143#issuecomment-422079662:

{:access-control
 {:allow-origin "http://foo.example"
  :allow-methods #{:get :post :put}
  :allow-credentials true
  :allow-headers #{"X-PINGOTHER" "Content-Type"}
  :expose-headers #{"X-My-Custom-Header" "X-Another-Custom-Header"}
  :max-age 86400}}

Some prior work:

Related issues:

貢獻者指南

技術棧: 無
領域: backendapisecurity
議題類型: feature
難度: 3
預計時間: 1-3 hours
活動狀態: stale
清晰度: clear
前置要求: ClojureRing middlewareCORS protocol
新手友善度: 40
研究方向: Examine the existing middleware implementation in reitit (e.g., reitit ring/src/reitit/ring.clj). Review the ring cors library (https://github.com/r0man/ring cors) and the Pedestal CORS implementation for patterns. Implement a new middleware that accepts options as shown in the example. Ensure it follows the reitit interceptor/middleware pattern and can be configured per route. The linked issues #143 and #85 contain additional discussion on expected behavior.