Hello,
I have a Delphi REST service built with RO SDK (TROIndyHTTPServer + JSON message). It works fine from same-origin pages and from curl, but browsers from a different origin fail because the CORS preflight OPTIONS request returns 404 — the route is only registered for POST, so OPTIONS never reaches my service method.
I already configured the CORS dispatcher:
(fOrigin:'*';
AllowedOrigin:'*';
AllowedMethods:'GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS';
AllowedHeaders:'Content-Type, Authorization, Access-Token, X-Requested-With';
MaxAge:86400)
…but those headers are only attached to responses that actually hit a service method. Since OPTIONS 404s before that, the browser cancels the real POST.
What I need: for any OPTIONS /api/* request, return 204 No Content + the CORS headers above, before routing.
Questions:
-
Is there a built-in way in RO SDK to auto-handle CORS preflight, or do I have to intercept it manually?
-
If manual — which event on TROIndyHTTPServer (or the underlying Indy TIdHTTPServer) is the right place? OnCommandGet? Some RO OnBeforeDispatch?
-
Can someone share a minimal snippet that:
-
detects ARequestInfo.Command = ‘OPTIONS’
-
writes status 204 + the 4 Access-Control-* headers
-
short-circuits so RO routing doesn’t run afterwards?
-
Versions:
-
RO SDK for Delphi: 10.0.0.1621
-
Delphi: 12.3
Thanks!