Skip to content

Latest commit

 

History

History
101 lines (79 loc) · 3.62 KB

README.md

File metadata and controls

101 lines (79 loc) · 3.62 KB

horse-cors

horse-cors is a official middleware for handling CORS in APIs developed with the Horse framework.
We created a channel on Telegram for questions and support:

❓ What's CORS?

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. CORS also relies on a mechanism by which browsers make a "preflight" request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.

An example of a cross-origin request: the front-end JavaScript code served from https://domain-a.com uses XMLHttpRequest to make a request for https://domain-b.com/data.json.

For security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that a web application using those APIs can only request resources from the same origin the application was loaded from unless the response from other origins includes the right CORS headers.

The CORS mechanism supports secure cross-origin requests and data transfers between browsers and servers. Modern browsers use CORS in APIs such as XMLHttpRequest or Fetch to mitigate the risks of cross-origin HTTP requests.

Read more in https://developer.mozilla.org

⚙️ Installation

Installation is done using the boss install command:

boss install horse-cors

If you choose to install manually, simply add the following folders to your project, in Project > Options > Resource Compiler > Directories and Conditionals > Include file search path

../horse-cors/src

✔️ Compatibility

This middleware is compatible with projects developed in:

  • Delphi
  • Lazarus

⚡️ Quickstart Delphi

uses
  Horse,
  Horse.CORS, // It's necessary to use the unit
  System.SysUtils;

begin
  // You can configure CORS as in the example below:

  // HorseCORS
  //   .AllowedOrigin('*')
  //   .AllowedCredentials('true')
  //   .AllowedHeaders('*')
  //   .AllowedMethods('*')
  //   .ExposedHeaders('*');

  // It's necessary to add the middleware in the Horse:
  THorse.Use(CORS);

  THorse.Get('/ping',
    procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
    begin
      Res.Send('pong');
    end);

  THorse.Listen(9000);
end.

⚡️ Quickstart Lazarus

{$MODE DELPHI}{$H+}

uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Horse,
  Horse.CORS, // It's necessary to use the unit
  SysUtils;

procedure GetPing(Req: THorseRequest; Res: THorseResponse; Next: TNextProc);
begin
  Res.Send('Pong');
end;

begin
  // You can configure CORS as in the example below:

  // HorseCORS
  //   .AllowedOrigin('*')
  //   .AllowedCredentials('true')
  //   .AllowedHeaders('*')
  //   .AllowedMethods('*')
  //   .ExposedHeaders('*');

  // It's necessary to add the middleware in the Horse:
  THorse.Use(CORS);

  THorse.Get('/ping', GetPing);

  THorse.Listen(9000);
end.

⚠️ License

horse-cors is free and open-source middleware licensed under the MIT License.