On Thu, Dec 1, 2011 at 10:34 AM, Sergey Beryozkin <[email protected]> wrote: > On 01/12/11 14:51, Benson Margulies wrote: >> >> I propose to add the following >> >> @CorsAllowAllOrigins >> @CorsAllowOrigins( "origin1.", ... "originN" ) >> @CorsAllowMethods( "meth1" ... "methn" ) >> @CorsExposeMethods( ... ) >> @CorsMaxAge(integer) >> @CorsAllowCredentials(boolean) >> >> and make the filter look for them on resources and classes in the usual >> way. >> >> Any objections? > > > Can we collapse it all into a single annotation but with many properties ? > @Cors(origins = "...", > methods = "a b c" > allowCredentials = true > ) > > I'd prefer if possible to avoid the explosion of annotations.
I hate space-separated. Can they be String[], or am I stuck with those spaces? > > Re @CorsAllowMethods( "meth1" ... "methn" ) (or methods = "a b") - is it > HTTP methods ? yes. > Then how it work on a method annotated with say @POST ? May be it should be > a single method value only ? So we don't need this annotation. If any of the others are there, it would imply permission for the method. > Re CorsAllowOrigins, is it relative URIs ? We'd probably need to think of > introducing properties such as absolute.uri, etc, to be reused by other > annotation such as SchemaLocation & XMLInstruction Origin must be an absolute URI. In fact, it's a list of them due to redirects. You never need to list 'right here', right here is always allowed. It's only necessary to list other places, so I don't see the need for anything tricky. > > Thanks, Sergey
