Add section about CORS to the readme
yvbeek committed May 10, 2019
1 parent d036ecc commit 0679e9d
Showing 1 changed file with 28 additions and 1 deletion.
29 changes: 28 additions & 1 deletion README.md
Expand Up @@ -219,6 +219,33 @@ public class HTTPAppDetailsHandler: HTTPRequestHandler {
}
```

### HTTP: Cross-Origin Resource Sharing (CORS)

The CORS mechanism controls which sites will have permission to access the resources of your server. You can set CORS by sending the `Access-Control-Allow-Origin` header to the client. For development purposes it can be useful to allow all sites with the `*` value.

```swift
response.headers["Access-Control-Allow-Origin"] = "*"
```

If you want to make it a bit fancier, you can create a handler:

```swift
public class HTTPCORSHandler: HTTPRequestHandler {
public func respond(to request: HTTPRequest, nextHandler: HTTPRequest.Handler) throws -> HTTPResponse? {
let response = try nextHandler(request)

// Add access control header for GET requests
if request.method == .GET {
response?.headers["Access-Control-Allow-Origin"] = "*"
}

return response
}
}
```

For increased security you can add additional checks, dig down into the request, and send back different CORS headers for different clients.

### HTTP: Client

For client connections we'll use Apple's [URLSession](https://developer.apple.com/reference/foundation/urlsession) class. Ray Wenderlich has an [excellent tutorial](https://www.raywenderlich.com/110458/nsurlsession-tutorial-getting-started) on it.
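
Review bot: the added CORS section gives `Access-Control-Allow-Origin: *` as its only concrete configuration, and the `HTTPCORSHandler` example sets it on every GET response, so a reader who copies the handler lets any site read every GET response. Say next to the `*` example that it is for development only, and make the closing "For increased security" sentence concrete: compare the request's `Origin` header against an allow-list, echo back only a matching origin, and send `Vary: Origin` when the value differs per client. The handler also only covers `.GET`, so add a sentence noting that preflight `OPTIONS` requests are not answered by this example.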
Expand Down Expand Up @@ -366,7 +393,7 @@ If your app is send to the background or if the device goes on standby you typic

### What about HTTP/2 support?

Ever wondered how the remote server knows that your browser is HTTP/2 compatible? During TLS negotiation, the application-layer protocol negotation (ALPN) extension field contains "h2" to signal that HTTP/2 is going be used. Apple doesn't offer any (public) methods in Secure Transport or CFNetwork to configure ALPN extensions. A secure HTTP/2 iOS implementation is therefor not possible at the moment.
Ever wondered how the remote server knows that your browser is HTTP/2 compatible? During TLS negotiation, the application-layer protocol negotiation (ALPN) extension field contains "h2" to signal that HTTP/2 is going be used. Apple doesn't offer any (public) methods in Secure Transport or CFNetwork to configure ALPN extensions. A secure HTTP/2 iOS implementation is therefor not possible at the moment.

### Can I use this in my Objective-C project?
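
Review bot: the corrected HTTP/2 line still reads "is going be used" and "therefor"; since the line is already being touched for the "negotation" spelling, change these to "is going to be used" and "therefore" in the same commit. The hunk header context also shows "If your app is send to the background", where "send" should be "sent".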
