| [Previous][Up][Next] |
The TCORSSupport.HandleRequest method returns a boolean value that indicates whether the request should continue processing after CORS validation. Understanding this return value is crucial for proper CORS implementation.
True - The request passes CORS validation and should be processed normally. This means the origin is allowed, the method is permitted, and required headers are present.
False - The request fails CORS validation and should be rejected. The method automatically sets appropriate error response headers when returning False.
program CORSReturnValueExample; {$mode objfpc}{$H+} uses httpdefs, SysUtils; procedure ProcessRequestWithCORS(Request: TRequest; Response: TResponse); var CORS: TCORSSupport; AllowRequest: Boolean; begin CORS := TCORSSupport.Create; try CORS.Enabled := True; CORS.AllowedOrigins := 'https://trusted-site.com'; CORS.AllowedMethods := 'GET,POST'; // Handle CORS - the return value determines next steps AllowRequest := CORS.HandleRequest(Request, Response, []); if AllowRequest then begin Writeln('[OK] CORS validation passed - processing request'); // Continue with normal request processing if Request.Method = 'GET' then begin Response.Content := 'Data from server'; Response.ContentType := 'text/plain'; Response.Code := 200; end else if Request.Method = 'POST' then begin Response.Content := 'Data received'; Response.Code := 201; end else if Request.Method = 'OPTIONS' then begin // Preflight handled by CORS support Response.Code := 200; end; end else begin Writeln('[KO] CORS validation failed - request blocked'); // Don't process the request - CORS already set error response // Response.Code and headers are already set by HandleRequest Writeln('Response already configured with CORS error'); end; finally CORS.Free; end; end; var Request: TRequest; Response: TResponse; begin Request := TRequest.Create; Response := TResponse.Create(Request); try // Test with allowed origin Writeln('=== Testing with allowed origin ==='); Request.Method := 'GET'; Request.SetCustomHeader('Origin', 'https://trusted-site.com'); ProcessRequestWithCORS(Request, Response); // Reset for next test Response.Code := 200; Response.Content := ''; // Test with disallowed origin Writeln('=== Testing with disallowed origin ==='); Request.SetCustomHeader('Origin', 'https://malicious-site.com'); ProcessRequestWithCORS(Request, Response); Writeln('Final response code: ', Response.Code); finally Response.Free; Request.Free; end; end.