Handling CORS requests and missing OPTIONS handler in bao.ts

[lazydefi1]

How do you handle CORS requests?

CORS requests come from the browser through OPTIONS methods. It seems their handling is missing from bao.ts. Should I make a PR to add this?

[wedelgaard]

I would have assumed this would work, but apperently it doesn't:

   return ctx.sendJson(data, {
      headers: {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
      },
    });

[lazydefi1]

I would have assumed this would work, but apperently it doesn't:

   return ctx.sendJson(data, {
      headers: {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
      },
    });

I did something like this:

  app.after(async ctx => {
    if (ctx.res === null) { throw new Error('ctx.res is null'); }

    // CORS
    ctx.res.headers.set('Access-Control-Allow-Origin', '*');
    ctx.res.headers.set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
    ctx.res.headers.set('Access-Control-Allow-Headers', 'Content-Type');

    return ctx;
  });

Also, correct me if I'm wrong but the OPTIONS handling in bao is missing, I added it like this:
f566896

[erikvullings]

@lazydefi1 Could you perhaps create a PR for this update. Without the OPTIONS handling, I cannot really implement CORS, as my app sends a preflight OPTIONS request to check for CORS headers that I cannot handle. I hope it will be accepted, though, since the last code change is 3 months old, so that is not very promising...

I've implemented a work around using the any handler, but that is ugly and not very easy to understand.

[mattreid1]

I've created PR #28 to support this. Please take a look and let me know what you think as I haven't actually tested it yet - if anyone wants to write some test cases that would be much appreciated!