Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

conjure-undertow supports OPTIONS requests. #480

Merged
merged 4 commits into from
Aug 2, 2019
Merged

conjure-undertow supports OPTIONS requests. #480

merged 4 commits into from
Aug 2, 2019

Conversation

carterkozak
Copy link
Contributor

Before this PR

Previously they would result in 405 method not allowed responses.

After this PR

==COMMIT_MSG==
conjure-undertow supports OPTIONS requests.
==COMMIT_MSG==

@carterkozak
conjure-undertow supports OPTIONS requests.
5a557ee 
Previously they would result in 405 method not allowed responses.
@carterkozak carterkozak requested a review from a team as a code owner August 2, 2019 01:15
markelliot
markelliot reviewed Aug 2, 2019
View reviewed changes
Copy link
Contributor

@markelliot markelliot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

few nits

@uschi2000
Copy link
Contributor

Should we update the conjure spec to define the behavior for OPTIONS?

@uschi2000
Copy link
Contributor

(I'm also wondering, why exactly do we need support for OPTIONS?)

@iamdanfox
Copy link
Contributor

@uschi2000 dropwizard/jetty+jersey transparently support OPTIONS requests because browsers send them as part of a 'CORS preflight' request. If your server doesn't respond to these, then you won't be able to hit these endpoints from a browser.

We discovered this when we were setting up tests where conjure-typescript hits the conjure-verification from a browser! https://github.com/palantir/conjure-verification/blob/d99bad8677a4655cdc77e99406e91a3343bc7145/verification-http-server/src/lib.rs

@carterkozak
Copy link
Contributor Author

Yep, @iamdanfox is correct, that is the rationale for this change.

Should we update the conjure spec to define the behavior for OPTIONS?

Absolutely, I chatted with @markelliot about adding a note describing OPTIONS support but I neglected to file a ticket to follow up. Filed: palantir/conjure#355

iamdanfox
iamdanfox reviewed Aug 2, 2019
View reviewed changes
...ndertow-runtime/src/main/java/com/palantir/conjure/java/undertow/runtime/OptionsHandler.java
public void handleRequest(HttpServerExchange exchange) {
Preconditions.checkState(Methods.OPTIONS.equals(exchange.getRequestMethod()), "Expected an OPTIONS request");
exchange.getResponseHeaders().put(Headers.ALLOW, allowValue);
exchange.setStatusCode(StatusCodes.NO_CONTENT);
Copy link
Contributor

@iamdanfox iamdanfox Aug 2, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want Access-Control-Max-Age too? https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request I assume this lets browsers cache this for a bit?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we want to set Access-Control headers, I think that belongs in WebSecurityHandler. I don't think there's anything specific to options requests for access control headers beyond standard browser use, but I'm not completely confident on that.

@bulldozer-bot bulldozer-bot bot merged commit 0d4bfb5 into develop Aug 2, 2019
@bulldozer-bot bulldozer-bot bot deleted the ckozak/options branch August 2, 2019 14:46
@svc-autorelease
Copy link
Collaborator

Released 3.14.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markelliot markelliot markelliot left review comments

@iamdanfox iamdanfox iamdanfox approved these changes

@rubenfiszel rubenfiszel Awaiting requested review from rubenfiszel

Assignees
No one assigned
Labels
autorelease merge when ready
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@carterkozak @uschi2000 @iamdanfox @svc-autorelease @markelliot