How should I create an api using "OPTIONS" method with the "http in" node?

Please note that I'm talking about the "http in" node, not the "http request" node.

I'm developing an http api using node-red, and need to be able to respond to the OPTIONS method, but found that the built-in "http in" node only supports "GET,POST,PUT,DELETE,PATCH".

I googled and youtubed and searched the github issue forum, but found nothing. So PLEASE help me, or PLEASE tell me if there is an alternative way to do that, I'm so confused. Thanks a lot !!!

Hi @zxsoft - welcome to the forums.

You could try the below.
I am not sure where in the pipeline this middleware is executed, so this is a stab in the dark, so may not work.

But, in settings.js, you can opt to handle the request before it reaches the flow workspace.

```javascript
    /** The following property can be used to add a custom middleware function
     * in front of all http in nodes. This allows custom authentication to be
     * applied to all http in nodes, or any other sort of common request processing.
     * It can be a single function or an array of middleware functions.
     */
    httpNodeMiddleware: function(req,res,next) {
        // do something: (check request method for OPTIONS as an example).
        // if the request is to proceed to the flow - call next()
        next();
    }
```

@zxsoft there isn't an easy way to do that today. I've added an item on the backlog at "add support for other HTTP methods in the node" (Trello).

@knolleary,

Just out of curiosity, where in the pipeline is this middleware called?

It gets inserted before a request reaches its handler - but it needs to have a handler in place.

So there isn't any way of using it to add OPTIONS support to the node.

Thank you SO MUCH for accepting this!

The "options" method DOES MATTER because browsers like Chrome will automatically use the "options" method to check the api http header "Access-Control-Allow-Origin" before doing a "post" method for security in my case (the browser calls it "preflight"), and it doesn't allow the "*" value for security.

BUT, unfortunately, there is NO WAY I know for node-red to avoid this, EVEN when I edited "settings.js" and modified the "httpNodeCors.origin"! The setting did take effect when http method was in "get,post,put,delete,patch", but when the method is "options", the "Access-Control-Allow-Origin" header of http response is always "*" ! So the only way I can solve this now is to deploy an nginx server before node-red api to edit the http header when $request_method is "options".

I wrote this much just because I really think this is important. Thank you very much, and even more if you can really agree with that.
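
Added example, not part of any post in this thread and not Node-RED code: the decision a front proxy or handler has to make for the preflight described above, answering OPTIONS with the one matched origin from an explicit allow-list instead of "*". The allow-list values, the function name `preflightResponse` and the assumption that the API is called with credentials (the case where browsers reject "*") are all assumptions made for the example.

```javascript
// Constructed sample policy; replace with the origins that really call the API.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE", "PATCH"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// Hypothetical helper. `headers` uses lower-cased names, as Node's http module does.
// Returns null when the request is not a preflight, else { status, headers }.
function preflightResponse(method, headers) {
  const origin = headers["origin"];
  const wanted = headers["access-control-request-method"];
  // Not a preflight: leave it to the normal route handler.
  if (method !== "OPTIONS" || !origin || !wanted) return null;

  // Vary: Origin on every branch, because the answer differs per origin
  // and a shared cache must not replay it for a different caller.
  const deny = (status) => ({ status, headers: { "Vary": "Origin" } });

  // Exact string match only. Substring, suffix or regex tests would let
  // look-alike origins such as "https://app.example.com.other.test" pass.
  if (!ALLOWED_ORIGINS.has(origin)) return deny(403);
  if (!ALLOWED_METHODS.includes(wanted)) return deny(405);

  // Every header the browser announces must be on the list.
  const asked = (headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!asked.every((h) => ALLOWED_HEADERS.includes(h))) return deny(403);

  return {
    status: 204,
    headers: {
      // Echo the matched origin; never "*" together with credentials.
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
      "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
      "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
      "Access-Control-Max-Age": "600",
      "Vary": "Origin",
    },
  };
}
```

A denied preflight carries no Access-Control-Allow-Origin header at all, which is what makes the browser block the follow-up request.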
