#1 2013-01-21 18:49:27

warleyalex
Member
From: Sete Lagoas-MG, Brasil
Registered: 2013-01-20
Posts: 250

Custom HTTP Response Headers

Hi,
Is it possible to send custom HTTP response headers from the server to the browser?
it's a function like in PHP "header()" which is used to send a raw HTTP header.
Examples in PHP:

header('Location: http://www.example.com/');
header("HTTP/1.0 404 Not Found");
header("Location: http://www.example.com/"); /* Redirect browser */
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");

Is there any equivalent in mORMot?

Thank you.

Offline

#2 2013-01-21 21:48:09

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660
Website

Re: Custom HTTP Response Headers

Are you using method-based services or interface-based services?

Both gives access to the context, in which you can change the OutHeaders properties.

But usually, you do not have to use it, unless you need to publish plain HTML.
Those headers are HTTP specific, so are not expected to be there with other communication protocols, since there are not "pure" RESTful.

Offline

#3 2013-01-22 00:40:23

warleyalex
Member
From: Sete Lagoas-MG, Brasil
Registered: 2013-01-20
Posts: 250

Re: Custom HTTP Response Headers

In the sample project 'Project04Server.exe', with aHandleUserAuthentication ENABLED, so authentication is turned ON to the remote process. Using Ajax request through jQuery I can successuly access the method "SampleRecord".  It works just fine and returns the json with javascript as expected.

What I'm doing to try is making cross domain ajax requests. They work OK if I include some specific response headers from the server, which implies that requests can be made from any domain for example.  So, my server will need to add some specific response headers. For example, I would like to add the following response headers:

Access-Control-Allow-Headers: x-requested-with
Access-Control-Allow-Origin: http://www.exemplo.com

That's it.

Offline

#4 2013-01-22 07:55:17

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,571
Website

Re: Custom HTTP Response Headers

2AB: The problem warleyalex say is really exist. In mORMot roadmap we have item "JSONP support", but actually for now is better to support  CORS (https://developer.mozilla.org/en-US/doc … ntrol_CORS) by define public property AllowedDomains on HTTPServer level and handle OPTIONS request type...

2warleyalex: As solution on your HTTP server where static live (let it be myserver.com) configure redirecting querys from URL myserver.com/root* to mORMot_server_IP:port/root* and do AJAX request to URL's myserver.com/root*

Last edited by mpv (2013-01-22 08:18:41)

Offline

#5 2013-01-22 08:29:40

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660
Website

Re: Custom HTTP Response Headers

So you are directly using RESTful remote access of the ORM.

I suppose the easiest is to create your own version of TSQLRestServer, adding the headers to all outgoing requests.

As such:

type
  TSQLMyRestServerDB = class(TSQLRestServerDB)
  public
    procedure URI(var Call: TSQLRestServerURIParams); override;
  end;


procedure TSQLMyRestServerDB.URI(var Call: TSQLRestServerURIParams);
begin
  inherited;
  Call.OutHead := Trim(Trim(Call.OutHead)+
    #13#10'Access-Control-Allow-Headers: x-requested-with'+
    #13#10'Access-Control-Allow-Origin: http://www.exemplo.com');
end;

(...)
  DB := TSQLMyRestServerDB.Create(Model,ChangeFileExt(paramstr(0),'.db3'),true);

Note that here I use the latest 1.18 unstable version from http://synopse.info/fossil

Offline

#6 2013-01-22 11:02:54

mpv
Member
From: Ukraine
Registered: 2012-03-24
Posts: 1,571
Website

Re: Custom HTTP Response Headers

The first request browser is OPTIONS (without body, and as I understand without URL params ). So must be something like this

procedure TSQLMyRestServerDB.URI(var Call: TSQLRestServerURIParams);
begin
  if Call.Method = 'OPTIONS' then begin //TODO add OPTIONS method to - TSQLURIMethod ENUM and StringToMethod function
   if (Call.InHead has  header Origin and this origin is allowed to call our server) then begin
     Call.OutHead := Trim(Trim(Call.OutHead)+
      #13#10'Access-Control-Allow-Headers: x-requested-with'+
      #13#10'Access-Control-Allow-Methods: POST, GET, DELETE,LOCK,OPTIONS'+
      #13#10'Access-Control-Max-Age: 1728000'+
      #13#10'Access-Control-Allow-Origin: http://www.exemplo.com');  
   end else
      Call.OutHead := Trim(Trim(Call.OutHead)+  #13#10'Access-Control-Allow-Origin: ');   //DENY access
   Call.OutStatus := HTML_SUCCESS;       
 end else
    inherited; 
end;

Offline

#7 2013-01-22 12:15:36

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660
Website

Re: Custom HTTP Response Headers

I did not know about this OPTIONS method.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

I suspect I will add it to the framework.
Perhaps a new method set should be worth adding.

I've created a ticket to follow this feature request.
http://synopse.info/fossil/info/5d9669e6b1

Offline

Board footer

Powered by FluxBB