Implementing Options HttpVerb

Question

I want to accept options requests from an angular website. Every endpoint (signup, login etc) needs to accept the options http verb.

I will then add the following to the response header.

   After += ctx =>
                    {
                        ctx.Response.WithHeader("Access-Control-Allow-Origin", "*");
                        ctx.Response.WithHeader("Access-Control-Allow-Headers", "accept, client-token, content-type");
                        ctx.Response.WithHeader("Access-Control-Allow-Methods", "POST, GET");
                        ctx.Response.WithHeader("Access-Control-Max-Age", "30758400");
     };

What i dont want to do is add an extra route for every endpoint like

    Post[path + "Login"] = x => Login();
    Options[path + "Login"] = x => Login();

This would be masses of boilerplate code.

Is there a way i can intercept any options request using a wildcard route so that all my endpoints can accept options requests?

khellang · Answer 1 · 2014-02-28T11:10:46.570

3

Nancy has implicit routes for OPTIONS requests, i.e. a user defined OPTIONS route has not been defined. See OptionsRoute for reference.

If you want custom behavior for OPTIONS requests, you could alternatively add a AfterRequest hook:

protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
    pipelines.AfterRequest += ctx =>
    {
        // This will always be called at the end of the request
        if (ctx.Request.Method.Equals("OPTIONS", StringComparison.Ordinal))
        {
            ctx.Response.WithHeader("Access-Control-Allow-Origin", "*");
            ctx.Response.WithHeader("Access-Control-Allow-Headers", "accept, client-token, content-type");
            ctx.Response.WithHeader("Access-Control-Allow-Methods", "POST, GET");
            ctx.Response.WithHeader("Access-Control-Max-Age", "30758400");
        }
    }
}

But I'm not really sure why you would only add CORS headers to OPTIONS responses?

edited Feb 28 '14 at 11:10

answered Feb 27 '14 at 12:31

khellang

17,550
6
64
84

so does it make for me to edit the OptionsRoute class in your link to add the headers i need. Do i need to instantiate this class somewhere? Where does this class hook in? – Jules Feb 27 '14 at 12:35
That's not a hook. It's Nancy's default handling of the `OPTIONS` verb. I'm not sure I understand what you're trying to accomplish? Do you want to add the headers to all responses? – khellang Feb 27 '14 at 12:38
Seems you can let nancy's default options implementation run, and then in your after hook add the headers if the request's method is options. – Christian Horsdal Feb 27 '14 at 13:03
if i don't declare an explicit matching route where should i add the after pipeline header adding. Normally i inherit from nancy module in a 'basemodule' where i put all the generic functionality like pipeline wrangling. Then i inherit from the basemodule in all other modules in which the routes are defined. Which after pipeline is going to fire when no route is explicitly defined for the option verb? – Jules Feb 28 '14 at 10:47
You can add hooks to pipelines in the bootstrapper ([application pipelines](https://github.com/NancyFx/Nancy/wiki/The-Application-Before%2C-After-and-OnError-pipelines)) or in a specific module ([module pipelines](https://github.com/NancyFx/Nancy/wiki/The-before-and-after-module-hooks)). If you want to add headers to all responses, I'd suggest you add add an `AfterRequest` hook in the application pipelines. – khellang Feb 28 '14 at 11:04

score 0 · Answer 2 · answered Feb 28 '14 at 10:54

so if you need all the headers as i did you can add them the ApplicationStartupmethod in the nancy bootstraper as below. The default nancy behavior will be like a wildcard route on any options request and add these headers to the response.

protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
        {


            pipelines.AfterRequest += ctx =>
            {
                ctx.Response.WithHeader("Access-Control-Allow-Origin", "*");
                ctx.Response.WithHeader("Access-Control-Allow-Headers", "accept, client-token, content-type");
                ctx.Response.WithHeader("Access-Control-Allow-Methods", "POST, GET");
                ctx.Response.WithHeader("Access-Control-Max-Age", "30758400");
            };
        }

Implementing Options HttpVerb

2 Answers2

Linked