Dancer::Plugin::CORS - A plugin for using cross origin resource sharing
version 0.13
Cross origin resource sharing is a feature used by modern web browser to bypass cross site scripting restrictions. A webservice can provide those rules from which origin a client is allowed to make cross-site requests. This module helps you to setup such rules.
use Dancer::Plugin::CORS; get '/foo' => sub { ... }; share '/foo' => origin => 'http://localhost/', credentials => 1, expose => [qw[ Content-Type ]], method => 'GET', headers => [qw[ X-Requested-With ]], maxage => 7200, timing => 1, ;
$route
%options
The parameter $route may be any valid path like used get, post, put, delete or patch but not option.
Alternatively a Dancer::Route object may be used instead:
$route = post '/' => sub { ... }; share $route => ... ;
Or a arrayref to one or more Routes:
@head_and_get = get '/' => sub { ... }; share \@head_and_get => ...;
This syntax works too:
share [ get ('/' => sub { ... }) ] => ...;
For any route more than one rule may be defined. The order is relevant: the first matching rule wins.
Following keywords recognized by %options:
This key defines a static origin (scalar), a list (arrayref), a regex or a subroutine.
If not specified, any origin is allowed.
If a subroutine is used, the first passed parameter is a URI object. It should return a true value if this origin is allowed to access the route in question; otherwise false.
origin => sub { my $host = shift->host; # allow only from localhost grep { $host eq $_ } qw(localhost 127.0.0.1 ::1) }
Hint: a origin consists of protocol, hostname and maybe a port. Examples: http://www.example.com, https://securesite.com, http://localhost:3000, http://127.0.0.1, http://[::1]
http://www.example.com
https://securesite.com
http://localhost:3000
http://127.0.0.1
http://[::1]
This indicates whether cookies, HTTP authentication and/or client-side SSL certificates may sent by a client. Allowed values are 0 or 1.
0
1
This option must be used together with origin.
A comma-seperated list of headers, that a client may extract from response for use in a client application.
A arrayref of allowed methods. If no methods are specified, all methods are allowed.
A string containing a single supported method. This parameter is autofilled when share() is used together with a Dancer::Route object. If no method is specified, any method is allowed.
A arrayref of allowed request headers. In most cases that should be [ 'X-Requested-With' ] when ajax requests are made. If no headers are specified, all requested headers are allowed.
[ 'X-Requested-With' ]
A maximum time (in seconds) a client may cache a preflight request. This can decrease the amount of requests made to the webservice.
Allow access to the resource timing information. If set to 1, the header Timing-Allow-Origin is set to the same value as Access-Control-Allow-Origin. Otherwise, its set to the value null. If the keyword is not present, no Timing-Allow-Origin header will be appended to response. See http://www.w3.org/TR/resource-timing/#cross-origin-resources for more information.
Timing-Allow-Origin
This keyword is a helper for re-using rules for many routes.
See Dancer::Plugin::CORS::Sharing for more information about this feature.
Please report any bugs or feature requests on the bugtracker website https://github.com/zurborg/libdancer-plugin-cors-perl/issues
When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.
David Zurborg <zurborg@cpan.org>
This software is Copyright (c) 2014 by David Zurborg.
This is free software, licensed under:
The ISC License
To install Dancer::Plugin::CORS, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Dancer::Plugin::CORS
CPAN shell
perl -MCPAN -e shell install Dancer::Plugin::CORS
For more information on module installation, please visit the detailed CPAN module installation guide.