You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by gi...@git.apache.org on 2017/06/13 18:49:36 UTC

[GitHub] csantanapr commented on a change in pull request #2327: Update OPTIONS Respones for Web Actions (Review)

csantanapr commented on a change in pull request #2327: Update OPTIONS Respones for Web Actions (Review)
URL: https://github.com/apache/incubator-openwhisk/pull/2327#discussion_r121764524
 
 

 ##########
 File path: docs/webactions.md
 ##########
 @@ -360,6 +360,47 @@ $ curl -k -H "content-type: application" -X POST -d "Decoded body" https://${API
   "body": "Decoded body"
 }
 ```
+## Options Requests
+
+By default, an OPTIONS request made to a web action will result in CORS headers being automatically added to the
+response headers. These headers allow all origins and the options, get, delete, post, put, head, and patch HTTP verbs.
+The headers are shown below:
+
+```
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: OPTIONS, GET, DELETE, POST, PUT, HEAD, PATCH
+```
+
+Alternatively, OPTIONS requests can be handled manually by a web action. To enable this option add a
+`web-custom-options` annotation with a value of `true` to a web action. When this feature is enabled, CORS headers will
+not automatically be added to the request response. Instead, it is the developer's responsibility to append his or her
+desired headers programmatically. Below is an example of creating custom resposnes to OPTIONS requests.
+
+```
+function main(params) {
+  if (params.__ow_method == "options") {
+    return {
+      headers: {
+        'Access-Control-Allow-Methods': 'OPTIONS, GET'
+      },
+      statusCode: 200
+
+    }
+  }
+}
+```
+
+Save the above function to `custom-options.js` and execute the following commands:
+
+```
+$ wsk action create custom-option custom-options.js --web true -a web-custom-options true
+$ curl https://${APIHOST}/api/v1/web/guest/default/custom-options.http -kvX OPTIONS
+< HTTP/1.1 200 OK
+< Server: nginx/1.11.13
+< Content-Length: 0
+< Connection: keep-alive
+< Access-Control-Allow-Methods: OPTIONS, GET
 
 Review comment:
   same here add a 2nd header of origin
   ```
   Access-Control-Allow-Origin: example.com
   ```
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services