Author: rfeng
Date: Mon Apr 9 21:03:14 2012
New Revision: 1311440
URL: http://svn.apache.org/viewvc?rev=1311440&view=rev
Log:
Enhance the CORS processor to set the default values based on the request
headers
Modified:
tuscany/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
Modified:
tuscany/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
URL:
http://svn.apache.org/viewvc/tuscany/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java?rev=1311440&r1=1311439&r2=1311440&view=diff
==============================================================================
---
tuscany/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
(original)
+++
tuscany/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
Mon Apr 9 21:03:14 2012
@@ -26,34 +26,54 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpServletResponse;
public class CORSHeaderProcessor {
- public static void processCORS(CORSConfiguration config,
HttpServletRequest request, HttpServletResponse response) throws IOException {
-
- if(config == null) {
- response.setHeader("Access-Control-Allow-Origin", "*");
- response.setHeader("Access-Control-Allow-Headers",
"X-Requested-With, Content-Type");
- if (request.getMethod().equals("OPTIONS")) {
- response.setHeader("Access-Control-Allow-Methods", "OPTIONS,
HEAD, GET, POST, PUT, DELETE");
+ public static void processCORS(CORSConfiguration config,
HttpServletRequest request, HttpServletResponse response)
+ throws IOException {
+
+ if (config == null) {
+ String allowHeaders =
request.getHeader("Access-Control-Request-Headers");
+ if (allowHeaders == null) {
+ allowHeaders = "Content-Type, Accept, Origin,
X-Requested-With";
+ }
+ String allowMethods =
request.getHeader("Access-Control-Request-Method");
+ if (allowMethods == null) {
+ allowHeaders = "OPTIONS, HEAD, GET, POST, PUT, DELETE";
+ }
+
+ String allowOrigins = request.getHeader("Origin");
+ if (allowOrigins == null) {
+ allowOrigins = "*";
+ }
+
+ response.setHeader("Access-Control-Allow-Origin", allowOrigins);
+ response.setHeader("Access-Control-Allow-Headers", allowHeaders);
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+ response.setHeader("Access-Control-Allow-Methods",
allowMethods);
response.setHeader("Access-Control-Max-Age", "1728000");
}
return;
}
-
- if(config.allowCredentials) {
- response.setHeader("Access-Control-Allow-Credentials",
Boolean.toString(config.isAllowCredentials()));
+
+ if (config.isAllowCredentials()) {
+ response.setHeader("Access-Control-Allow-Credentials", "true");
}
- if(config.getMaxAge() > 0) {
+ if (config.getMaxAge() > 0) {
response.setHeader("Access-Control-Max-Age",
Integer.toString(config.getMaxAge()));
}
-
- response.setHeader("Access-Control-Allow-Origin",
getAllowOrigins(config));
+
+ response.setHeader("Access-Control-Allow-Origin",
getAllowOrigins(config, request));
response.setHeader("Access-Control-Allow-Methods",
getAllowMethods(config));
response.setHeader("Access-Control-Allow-Headers",
getAllowHeaders(config));
response.setHeader("Access-Control-Expose-Headers",
getExposeHeaders(config));
}
-
- private static String getAllowOrigins(CORSConfiguration config) {
- return getListValues(config.getAllowOrigins(), "*");
+
+ private static String getAllowOrigins(CORSConfiguration config,
HttpServletRequest request) {
+ String allowOrigins = request.getHeader("Origin");
+ if (allowOrigins == null) {
+ allowOrigins = "*";
+ }
+ return getListValues(config.getAllowOrigins(), allowOrigins);
}
private static String getAllowMethods(CORSConfiguration config) {
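Review bot: In the `config == null` branch the request's `Origin` is copied into `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials: true` is always sent, so with no configuration every origin is granted credentialed cross-origin access; the previous default of `*` without credentials did not allow that. I would drop `response.setHeader("Access-Control-Allow-Credentials", "true");` from the default branch (or echo only an origin that is on a configured allow list) and, wherever the origin is echoed, add `response.addHeader("Vary", "Origin");` so caches do not serve one origin's response to another. The same reflection happens in `getAllowOrigins(config, request)` when the configured list is empty and `config.isAllowCredentials()` is true. Separately, the `allowMethods == null` fallback assigns to the wrong variable: `allowHeaders = "OPTIONS, HEAD, GET, POST, PUT, DELETE";` should be `allowMethods = "OPTIONS, HEAD, GET, POST, PUT, DELETE";`, otherwise the headers list is overwritten and `Access-Control-Allow-Methods` is set from a null value.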
@@ -61,24 +81,24 @@ public class CORSHeaderProcessor {
}
private static String getAllowHeaders(CORSConfiguration config) {
- return getListValues(config.getAllowHeaders(), "X-Requested-With,
Content-Type");
+ return getListValues(config.getAllowHeaders(), "X-Requested-With,
Content-Type, Accept, Origin");
}
-
+
private static String getExposeHeaders(CORSConfiguration config) {
return getListValues(config.getExposeHeaders(), "X-Requested-With,
Content-Type");
}
-
+
private static String getListValues(List<String> list, String
defaultValue) {
StringBuffer values = new StringBuffer();
- if(list != null && list.isEmpty() == false) {
- for(String value : list) {
+ if (list != null && list.isEmpty() == false) {
+ for (String value : list) {
values.append(value).append(",");
}
values.deleteCharAt(values.length());
} else {
values.append(defaultValue);
}
-
+
return values.toString();
}
}
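Review bot: `values.deleteCharAt(values.length());` in `getListValues` indexes one past the last character, so any non-empty configured list would throw `StringIndexOutOfBoundsException` instead of trimming the trailing comma; it should be `values.deleteCharAt(values.length() - 1);`. The line is unchanged context in this hunk, but the commit now routes the request-derived origin default through this helper too, so it is worth fixing in the same change. A comma-joined list is also not a valid `Access-Control-Allow-Origin` value (browsers accept a single origin or `*`), so for origins the configured list should be used to match the request's `Origin` and only a matching value echoed back.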