Skip to content

Instantly share code, notes, and snippets.

@corydeppen
Created October 8, 2012 19:13
Show Gist options
  • Save corydeppen/3854311 to your computer and use it in GitHub Desktop.
Save corydeppen/3854311 to your computer and use it in GitHub Desktop.
ServiceStack cross-origin request/ response headers
Request URL:http://localhost:63005/utils/md5/test
Request Method:OPTIONS
Status Code:200 OK
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:GET
Connection:keep-alive
Host:localhost:63005
Origin:http://localhost:49391
Referer:http://localhost:49391/md5
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.17 Safari/537.11
Response Headers
Cache-Control:private
Content-Length:0
Date:Mon, 08 Oct 2012 19:10:07 GMT
Server:Microsoft-IIS/8.0
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
X-SourceFiles:=?UTF-8?B?QzpcVXNlcnNcY2RlcHBlblxDb2RlXFV0aWxzXHNyY1xBcGlcdXRpbHNcbWQ1XHRlc3Q=?=
@mythz
Copy link

mythz commented Oct 8, 2012

I don't see any ServiceStack headers here. Is there any indication that ServiceStack is handling this request? i.e. debugging?
What is the root path ServiceStack is meant to be hosted on? /utils ?

@corydeppen
Copy link
Author

The route being added is "/utils/md5/{value*}". The following is the req/res when calling it directly:

Request URL:http://localhost:63005/utils/md5/test
Request Method:GET
Status Code:200 OK

Request Headers

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:ss-pid=bCwMi6ckcEKojLAH4J9cIw==
Host:localhost:63005
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.17 Safari/537.11

Response Headers

Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin:*
Cache-Control:private
Content-Encoding:gzip
Content-Length:3834
Content-Type:text/html
Date:Mon, 08 Oct 2012 19:36:33 GMT
Server:Microsoft-IIS/8.0
Vary:Accept-Encoding
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET
X-Powered-By:ServiceStack/3.921 Win32NT/.NET
X-SourceFiles:=?UTF-8?B?QzpcVXNlcnNcY2RlcHBlblxDb2RlXFV0aWxzXHNyY1xBcGlcdXRpbHNcbWQ1XHRlc3Q=?=

@mythz
Copy link

mythz commented Oct 8, 2012

What does the skeleton/structure your service look like? i.e. Where are the Cors* attributes being applied? are you using the Global Plugins.Add(new CorsFeature()); in your AppHost?
Are you using the New Api ?

@corydeppen
Copy link
Author

Though I've tried the CorsFeature plugin, I've been using the following in the Configure method of AppHost:

SetConfig(new EndpointHostConfig
    {
        GlobalResponseHeaders =
            {
                {"Access-Control-Allow-Origin", "*"},
                {"Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"},
                {"Access-Control-Allow-Headers", "Content-Type"}
            }
    });

I haven't used the new API yet.

@mythz
Copy link

mythz commented Oct 8, 2012

Ok that should work as well. Can you try a New API sample service like:

[Route("/testoptions")]
public class TestOptions { }
public class TestOptionsService : Service {
    [EnableCors]
    public void Options(TestOptions request) {}
}

And see if the headers get emitted as well. I'd like to know if something else is hijacking the OPTIONS request (e.g. MVC Http Module or IIS installed WebDav, etc) or its ServiceStack not handling it properly.
Also can you update to the new version of SS was released last night so we're looking at the same code-base.

@corydeppen
Copy link
Author

I upgraded SS and implemented the new API to include the following. Works like a charm. Thanks.

[Route("/utils/md5/{value*}")]
public class MD5Hash
{
    public string Value { get; set; }
}

[EnableCors(allowedHeaders: "Content-Type, X-Requested-With")]
public void Options(MD5Hash request)
{
}

public object Get(MD5Hash request)
{
    return new MD5HashResponse { Result = request.Value.ToMD5() };
}

Then just had to include this in AppHost:

SetConfig(new EndpointHostConfig
    {
        GlobalResponseHeaders =
            {
                {"Access-Control-Allow-Origin", "*"}
            }
    });

@mythz
Copy link

mythz commented Oct 8, 2012

Sweet! glad to here it :)
Yeah it's probably a good idea to move to the new API, imo it's simpler more intuitive + requires less effort. We're slowly replacing all demos/examples to move to the new API on our side as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment