On Sun, 26 Jan 2014 17:57:01 GMT, Marenz wrote:

Hello,

I am building a small server with an API to receive & return json objects through http POST/GET.

From js, I tried calling my server using

  $.ajax({
        url: "http://my.domain:8989/register",
        type: "POST",
        crossDomain: true,
        data: { apiKey: "23462", method: "example", ip: "208.74.35.5" },
        success: function (result) {
            resultDiv.innerHTML=result;
        },
        error: function (xhr, ajaxOptions, thrownError) {
        }
    });

Which gives the error:

XMLHttpRequest cannot load http://my.domain:8989/register. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. 

On the server I see something like

IP - - 2014-Jan-26 17:56:15.0144105Z "OPTIONS /register HTTP/1.1" 404 455 "http://localhost/supraball/serverlist.html" "uagent"

So there is an OPTION request to which it response with 404.
How can I respond to OPTION requests and/or how can I add the required header "Access-Control-Allow-Origin"?

The most simple way to solve this would be to explicitly add a route for this in the URLRouter:

void sendOptions(HTTPServerRequest req, HTTPServerResponse res)
{
    res.headers["Access-Control-Allow-Origin"] = "*";
    res.writeBody("");
}

auto router = new URLRouter;
router.match(HTTPMethod.options, "/register", &sendOptions);
// ...

Plus probably the header should also be sent with every other response:

void addACAO(HTTPServerRequest req, HTTPServerResponse res)
{
    res.headers["Access-Control-Allow-Origin"] = "*";
}

void sendOptions(HTTPServerRequest req, HTTPServerResponse res)
{
    addACAO(req, res);
    res.writeBody("");
}

auto router = new URLRouter;
router.any("*", &addACAO);
router.match(HTTPMethod.options, "*", &sendOptions);
// ...

The "*" for the header value should also probably be something more specific for the application.

Currently there is not really a sane way to implement this directly in vibe.d. But later, when the high level web framework in vibe.web gets some more features, that would be a good place to add something like this by default.