support CORS in template instanciation endpoint, fixes #113

NEWS.md

@@ -5,6 +5,8 @@ New features:
 
  * Add 'user_from_host' directive to generalize username extraction (#100)
  * Implement signed template maps (#98)
+ * Support CORS in template instanciation endpoint
+
 
 Other changes:
 

lib/cartodb/cartodb_windshaft.js

@@ -371,6 +371,11 @@ var CartodbWindshaft = function(serverOptions) {
       );
     };
 
+    ws.options(template_baseurl + '/:template_id', function(req, res) {
+      ws.doCORS(res, "Content-Type");
+      return next();
+    });
+
     // Instantiate a template
     ws.post(template_baseurl + '/:template_id', function(req, res) {
       ws.doCORS(res);

test/acceptance/templates.js

@@ -131,6 +131,32 @@ suite('template_api', function() {
       );
     });
 
+    test("instance endpoint should return CORS headers", function(done){
+      Step(function postTemplate1(err, res) {
+          var next = this;
+          var post_request = {
+              url: '/tiles/template?api_key=1234',
+              method: 'POST',
+              headers: {host: 'localhost.localhost', 'Content-Type': 'application/json' },
+              data: JSON.stringify(template_acceptance1)
+          };
+          assert.response(server, post_request, {}, function(res) { next(null, res); });
+        },
+        function testCORS() {
+          assert.response(server, {
+              url: '/tiles/template/acceptance1',
+              method: 'OPTIONS'
+          },{
+              status: 200,
+              headers: {
+                'Access-Control-Allow-Headers': 'X-Requested-With, X-Prototype-Version, X-CSRF-Token, Content-Type',
+                'Access-Control-Allow-Origin': '*'
+              }
+          }, function() { done(); });
+      });
+    });
+
+
     test("can list templates", function(done) {
 
       var errors = [];