在耶索德允许跨域请求 [英] Allowing cross-origin requests in Yesod
问题描述
我的应用程序使用一个书签,而我需要让CORS为 MyRouteR 所以我的书签code可以使用这条路线对AJAX请求。
在配置/路由我的第一稿我给 MyRouteR 只支持一个请求方法,PUT。但事实证明(杜)我会需要支持OPTIONS方法为好,它的浏览器使用CORS preflight请求。
我结束了在配置/路线如下:
/ myroute MyRouteR看跌期权
那种
我希望会有在模板哈斯克尔一些相关设备,用于处理配置/路由,以便增加期权在这条路线的方法列表会自动地导致CORS支持,但没有骰子。世界上没有结束,但它会是有意义的,感觉优雅的方式。
若要CORS的工作,我给了航线的选项处理程序:
optionsMyRouteR ::处理器RepPlain
optionsMyRouteR = DO
和addHeader访问控制 - 允许 - 起源,*
和addHeader访问控制 - 允许 - 方法PUT,选项
返回$ RepPlain $ toContent(::文)
putMyRouteR ::处理器RepJson
putMyRouteR = DO
和addHeader访问控制 - 允许 - 起源,*
- 更多的东西...
这个作品,但感觉略微未Yesodic,因为它是如此的样板。于是,两个问题:
- 请我们比Yesodic? 更好的形容词
- 是否有其他更好的方法,让路由支持跨域请求?
更新: 其他人发表了一些通用的中间件这样的: http://hackage.haskell.org/package/wai- CORS 的。
我目前工作在同样的事情,但尚未实施的解决方案,但是我想它可以通过WAI 中间件相似的样品$ C完成维基页面<一上$ C href="https://github.com/yesodweb/yesod/wiki/Allowing-WOFF-fonts-to-be-accessed-from-other-domains-%28CORS%29"相对=nofollow>允许WOFF字体从其他领域(CORS)访问。这应该允许您从写CORS code,一旦不重复自己。
从链接样品code以上,增加了对WOFF字体跨域访问:
addCORStoWOFF :: W.Middleware
addCORStoWOFF应用= FMAP updateHeaders。应用程序
哪里
updateHeaders(W.ResponseFile状态标题FP mpart)= W.ResponseFile状态(新标题)FP mpart
updateHeaders(W.ResponseBuilder状态标题制造商)= W.ResponseBuilder状态(新标题)制造商
updateHeaders(W.ResponseSource状态标题SRC)= W.ResponseSource状态(新标题)SRC
新标题| WOFF = CORS:头
|否则=头
其中,WOFF =查找HT.hContentType头==只是应用程序/字体WOFF
CORS =(访问控制 - 允许 - 起源,*)
My application uses a bookmarklet, and I need to allow CORS for MyRouteR so my bookmarklet code can use this route for AJAX requests.
In my first draft of config/routes I gave MyRouteR support for only one request method, PUT. But it turned out (duh) that I'd need to support the OPTIONS method as well, which browsers use for CORS preflight requests.
I ended up with the following in config/routes:
/myroute MyRouteR PUT OPTIONS
I was kind of hoping there would be some relevant machinery in the Template Haskell that processes config/routes so that the addition of OPTIONS to this route's method list would automagically result in CORS support, but no dice. Not the end of the world, but it would have made sense and felt elegant that way.
To make CORS work, I gave the route an OPTIONS handler:
optionsMyRouteR :: Handler RepPlain
optionsMyRouteR = do
addHeader "Access-Control-Allow-Origin" "*"
addHeader "Access-Control-Allow-Methods" "PUT, OPTIONS"
return $ RepPlain $ toContent ("" :: Text)
putMyRouteR :: Handler RepJson
putMyRouteR = do
addHeader "Access-Control-Allow-Origin" "*"
-- more stuff ...
This works, but it feels slightly un-Yesodic because it's so boilerplate. So, two questions:
- Do we have a better adjective than Yesodic?
- Is there another, better way to let a route support cross-origin requests?
UPDATE: Someone else published some generic middleware for this: http://hackage.haskell.org/package/wai-cors.
I am currently working on the same thing and haven't yet implemented a solution, however I imagine it can be done via a WAI Middleware similar to the sample code on the wiki page Allowing WOFF fonts to be accessed from other domains (CORS). This should allow you from writing the CORS code once without repeating yourself.
Sample code from the link above to add cross-origin access for WOFF fonts:
addCORStoWOFF :: W.Middleware
addCORStoWOFF app = fmap updateHeaders . app
where
updateHeaders (W.ResponseFile status headers fp mpart) = W.ResponseFile status (new headers) fp mpart
updateHeaders (W.ResponseBuilder status headers builder) = W.ResponseBuilder status (new headers) builder
updateHeaders (W.ResponseSource status headers src) = W.ResponseSource status (new headers) src
new headers | woff = cors : headers
| otherwise = headers
where woff = lookup HT.hContentType headers == Just "application/font-woff"
cors = ("Access-Control-Allow-Origin", "*")
这篇关于在耶索德允许跨域请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
