I have an HTTP Endpoint that authenticates a user and returns JSON data. The client making the API call first sends a preflight OPTIONS request and then the GET request with authorization header to retrieve the data. If authenticate_users is false, it works just fine. However, when authenticate_users is true, the preflight request returns a 401 response (I assume because it expects an authorization header with the preflight request, not just the GET request). As the preflight request does not send an authorization header, it is rejected immediately before it ever gets to my function, and the API call fails.
I can’t find a way to only authenticate on a GET request, and it doesn’t seem that I can send an authorization header without doing the preflight OPTIONS request.
Here is my endpoint code:
Code Sample:
@anvil.server.http_endpoint("/data", methods=['GET','OPTIONS'], enable_cors=True, authenticate_users=True)
def get_data():
if anvil.server.request.method == 'OPTIONS':
r = anvil.server.HttpResponse()
r.headers['access-control-allow-headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
return r
else:
data = {
'addresses': get_addresses(),
'companies': get_companies(),
'locations': get_locations(),
}
return data
Any help is greatly appreciated!