HTTP OPTIONS verb to support CORS in EventStore web


to POST events from a non hosted page outside from EventStore web. I spend the es.api.js a new setting

var baseUrl = settings.baseUrl || “”

Before the ajax sends the POST comes an OPTIONS for CORS. This request fails with

HTTP/1.1 405 Requested method is not allowed for requested url
Access-Control-Allow-Methods: DELETE, GET, POST

Need to provide OPTIONS and also CORS Header for using EventStore outside from own hosted websites.

Cheers, Mike

Just a quick potential thought on this - did you specify the IP that the Event Store was running on? By default it only binds to loopback.

I had similar problems when consuming events from javascript on another machine, so I took a look at the HTTP code this afternoon.

I stuck in a handler for OPTIONS requests, which seems to work ok… and it was easy enough to change it to always send Access-Control-Allow-Origin: *

Not on the right computer now, but I can post the code here tomorrow, and will make a pull request.

Only thing i’m not sure about is the access-control … I guess a configurable list of domains would be a better solution than hardcoding to * ?

FYI, Pull request with my changes is here:

Sorry, misunderstood the request on this one!

Hi Rich,

thx for pull request. Thats exactly what is needed. And yes, a configurable list would be a better solution…

Cheers, Mike

@Rich Knight,

I’ve merged your pull request. We’ll add configurable Access-Control-Allow-Origin soon

Четвер, 18 жовтня 2012 р. 09:02:44 UTC+3 користувач Mike Bild написав: