How to authenticate from a bookmarklet in Yesod / How to add OPTIONS to Auth subsite of Yesod

Question

I wanted to access a server API I made with Yesod 1.2 from a bookmarklet. I wanted to POST from the bookmarklet at any other sites. The server API has an authentication (by Mozilla Persona and Google ID). This means:

• The server has to accept a cross-origin request from a bookmarklet.
• The server needs authentication for the API access from the bookmarklet.

I added OPTIONS to my Handler according to the following.

https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS

Allowing cross-origin requests in Yesod

I noticed, however, that the request is forwarded to /auth/login of the Yesod app, even after the user is logged in from the browser (I think this makes sense because these two are different domains). Auth is handled in a subsite. So I think I need OPTIONS for /auth/login as well. How can I add OPTIONS for Auth subsite in config/routes file?

Or, is there any better way to have authentication from a bookmarklet?

Answer 1

Two approaches:

1. Send a pull request for yesod-auth to include OPTIONS.
2. Use a middleware to handle that request.

I'd go for (1), you'll be benefiting the community and it will be easier to maintain.