CORS is a HTTP::Handler
handler (middleware) implementing Cross Origin Resource Sharing W3 specification in Crystal.
In shards.yml
:
dependencies:
cors:
github: prutya/cors
branch: master # OR: version: x.x.x (Check the releases tab)
Then:
require "cors"
Add this handler to your HTTP::Server
initializer call
server = HTTP::Server.new([
SomeHandler.new,
Cors::Handler.new(
respond_ok: ->(ctx : HTTP::Server::Context) {
# Whatever you do when you want to respond with 200 OK
#
# e.g.
ctx.response.status = HTTP::Status::OK
ctx.response.content_type = "application/json"
ctx.response.print("{}")
},
allowed_origins: ["https://example.com"]
),
SomeOtherHandler.new,
])
respond_ok (required)
Proc
with HTTP::Server::Context
argument. Called when the preflight processing is finished.
max_age (optional)
Int32
, defaults to 0
. If greater than 0
, goes to Access-Control-Max-Age header in the preflight response, otherwise does nothing.
allow_credentials (optional)
Bool
, defaults to false
If set to true
, adds the Access-Control-Allow-Credentials header to the response, otherwise does nothing.
allowed_origins (optional)
Array(String)
. Defaults to an empty array.
The list of allowed origins. If the array contains "*"
, allows all origins. Access-Control-Allow-Origin.
allowed_methods (optional)
Array(String)
. Defaults to ["GET", "POST", "PUT"]
. The list of allowed HTTP methods. If empty, results in all requests being disallowed. Access-Control-Allow-Methods.
allowed_headers (optional)
Array(String)
. Defaults to ["Origin", "Accept", "Content-Type", "X-Requested-With"]
.
If empty, results in only Origin
header being allowed, otherwise results in Origin
header and headers provided being allowed. Access-Control-Allow-Headers.
exposed_headers (optional)
Array(String)
. Defaults to and empty array. Access-Control-Expose-Headers.