horin

Reputation: 1654

Sails.js disable cookie set for OPTIONS requests

I am developing an app which uses Sailsjs as backend and Angular 4 on a different server as backend. Due to this I must enable CORS, and every HTTP request coming from the Angular app is preceded by an OPTIONS request, which I believe is added by the browser. The problem is that Sailsjs creates cookies for this OPTIONS request, but this cookie is not saved in the browser.

Therefore my Redis server is being overwhelmed by a lot of cookies made by OPTIONS requests. What I want to achieve is to disable OPTIONS request cookies. I have tried it with the following route config:

'OPTIONS /*': {
    cors: {
        credentials: false
    }
}

My global CORS config looks like this:

allRoutes: true,
origin: 'http://127.0.0.1:4200',
credentials: true,
methods: 'GET,POST, PUT, DELETE, OPTIONS, HEAD',
headers: 'content-type, authorization, timeout',
securityLevel: 1

But this is not working, and the server always responds with a cookie set for OPTIONS requests. Any idea on how to set this up correctly?

UPDATE: Studying the documentation of Sailsjs, I have come up with another solution, which is also not working. I have added this code to the session settings:

routesDisabled: ['OPTIONS /*']

But this has disabled the session for all requests, ignoring that I specifically wanted only OPTIONS requests.

Upvotes: 0

Views: 615

Answers (2)

Nick Hatt

Reputation: 357

For those on older versions without the routesDisabled option, you can put a shim in front of the built-in sails session middleware.

customSession: function customSession(req, res, next) {
  const noSessionRoutes = [
    '/'
  ];
  //if this is an OPTIONS request, browsers won't send a cookie, so don't create a new session
  //for API routes, we also don't want to create a session and/or respond with a cookie 
  if (req.method.toUpperCase() === 'OPTIONS' || noSessionRoutes.includes(req.url)) {
    req.session = {};
    return next();
  }
  //this will fall back to the built-in sails session configured in session.js
  else {
    sails.config.http.middleware.session(req, res, next);
  }
}

Then middleware.order looks something like this:

order: [
  'cookieParser',
  'customSession',
  ...]

Upvotes: 0

horin

Reputation: 1654

OK, I solved it. The problem is a bug in Sails version 0.12.14, which is at this time the latest stable version.

The file lib/hooks/http/get-configured-http-middleware-fns.js contains this statement at line 88:

if(!isMethodExactMatch && !isMethodImplicitMatch && disabledRouteInfo.method === '*'){

but it should be

if(!isMethodExactMatch && !isMethodImplicitMatch && disabledRouteInfo.method !== '*'){

After making this change I've got it working.

Upvotes: 2
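
Why flipping that one operator changes the outcome, as an added example (not Sails source and not code from either answer): a simplified model of a `routesDisabled` check, evaluated with the condition as found and as changed. Only the three-part `if` condition and the names `isMethodExactMatch`, `isMethodImplicitMatch` and `disabledRouteInfo` come from the answer above; `parseRule`, `pathMatches`, `compare`, the HEAD-on-GET meaning of "implicit" and the `return false` body are assumptions.

```javascript
// Simplified model; only the three-part `if` condition is from the answer, the rest is assumed.
function parseRule(rule) {
  // 'OPTIONS /*' -> { method: 'OPTIONS', path: '/*' }; a bare path means any method.
  const parts = rule.trim().split(/\s+/);
  return parts.length === 2
    ? { method: parts[0].toUpperCase(), path: parts[1] }
    : { method: '*', path: parts[0] };
}

function pathMatches(pattern, url) {
  // Assumed matching: a trailing '/*' covers the prefix and everything below it.
  const path = url.split('?')[0];
  if (pattern.endsWith('/*')) {
    const prefix = pattern.slice(0, -2);
    return path === prefix || path.startsWith(prefix + '/');
  }
  return pattern === path;
}

function isSessionDisabled(rules, req, fixed) {
  const method = req.method.toUpperCase();
  return rules.map(parseRule).some((disabledRouteInfo) => {
    const isMethodExactMatch = disabledRouteInfo.method === method;
    // Assumption: "implicit" means a HEAD request hitting a GET rule.
    const isMethodImplicitMatch = disabledRouteInfo.method === 'GET' && method === 'HEAD';
    const wildcardTest = fixed
      ? disabledRouteInfo.method !== '*' // condition after the change
      : disabledRouteInfo.method === '*'; // condition as found in 0.12.14
    if (!isMethodExactMatch && !isMethodImplicitMatch && wildcardTest) {
      return false; // assumed body: this rule does not apply to the request
    }
    return pathMatches(disabledRouteInfo.path, req.url);
  });
}

function compare(rules, requests) {
  return requests.map((req) => ({
    request: `${req.method} ${req.url}`,
    shipped: isSessionDisabled(rules, req, false),
    fixed: isSessionDisabled(rules, req, true),
  }));
}

// Constructed sample requests against the rule from the question.
console.table(compare(['OPTIONS /*'], [
  { method: 'OPTIONS', url: '/user/1' },
  { method: 'GET', url: '/user/1' },
  { method: 'POST', url: '/login' },
]));
```

In this model the `=== '*'` form lets a method-specific rule fall through to the path check for every method, which matches the symptom in the question's update (sessions disabled for all requests), while a method-less rule never applies at all.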
