Setup:
server.use(restify.CORS({
origins: ['http://127.0.0.1:8080'],
credentials: true
}));
server.post('/', function(req, res, next) {
res.json(req.params);
next();
});
Getting back 405 Method Not Allowed.
Here are the request from Chrome:
Request URL:http://127.0.0.1:9090/
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Remote Address:127.0.0.1:9090
Request headers:
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:acccept, content-type, x-requested-with
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:127.0.0.1:9090
Origin:http://127.0.0.1:8080
Pragma:no-cache
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
The existing CORS plugin is being deprecated, but in the meantime can you see if any of the suggestions in #664 help at all? If not, we'll incorporate the feedback into the new plugin.
So @DonutEspresso does that mean the deprecated CORS plugin does not work or am I doing something wrong?
I'm willing to help out... Want to use restify for a public API, but things are a bit rough around the edges.
TBH, I have not used it personally, but I know that using CORS + fullResponse plugin + white listing of headers typically gets the existing plugin into a good place. It's not the most ideal though, which is why we're redoing the plugin. Have you poked through 664? If you're using CORS and fullResponse, the most likely culprit are request headers that are unexpected, which can be set via restify.CORS.ALLOW_HEADERS.
The CORS plugin will be deprecated in the upcoming 5.x release in favour of https://github.com/TabDigital/restify-cors-middleware