Description
Currently, a number of HTTP routes / URL paths defined in r2-streamer-js invoke the setResponseCORS() utility function in order to populate HTTP responses with adequate CORS headers:
r2-streamer-js/src/http/server.ts
Lines 259 to 271 in c1f3ac0
( https://github.com/readium/r2-streamer-js/blob/develop/src/http/server.ts#L259-L271 )
For example, for serving the ReadiumWebPublicationManifest (JSON):
r2-streamer-js/src/http/server-manifestjson.ts
Lines 344 to 345 in c1f3ac0
( https://github.com/readium/r2-streamer-js/blob/develop/src/http/server-manifestjson.ts#L344-L345 )
However, what about HTTP options for CORS? How is this useful? What are the use-cases?
Code example:
public expressOptions(paths: string[], func: express.Handler) {
this.expressApp.options(paths, func);
}...added to:
r2-streamer-js/src/http/server.ts
Lines 136 to 142 in c1f3ac0
( https://github.com/readium/r2-streamer-js/blob/develop/src/http/server.ts#L136-L142 )
...and:
_server.expressOptions(["/URL_ROUTE_PATH"],
(req: express.Request, res: express.Response) => {
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Credentials", true);
res.setHeader("Access-Control-Allow-Methods", req.headers["access-control-request-method"]);
res.setHeader("Access-Control-Allow-Headers", req.headers["access-control-request-headers"]);
res.status(200).end();
});Inspired from NYPL's customizations:
https://github.com/NYPL-Simplified/opds-web-client/blob/1600781c267e241e5deb4094007e50df79eb6236/packages/server/index.js#L73
( https://github.com/NYPL-Simplified/opds-web-client/blob/master/packages/server/index.js#L73 )
CC @aslagle