On 01/12/11 15:51, Benson Margulies wrote:
On Thu, Dec 1, 2011 at 10:34 AM, Sergey Beryozkin<[email protected]> wrote:
On 01/12/11 14:51, Benson Margulies wrote:
I propose to add the following
@CorsAllowAllOrigins
@CorsAllowOrigins( "origin1.", ... "originN" )
@CorsAllowMethods( "meth1" ... "methn" )
@CorsExposeMethods( ... )
@CorsMaxAge(integer)
@CorsAllowCredentials(boolean)
and make the filter look for them on resources and classes in the usual
way.
Any objections?
Can we collapse it all into a single annotation but with many properties ?
@Cors(origins = "...",
methods = "a b c"
allowCredentials = true
)
I'd prefer if possible to avoid the explosion of annotations.
I hate space-separated. Can they be String[], or am I stuck with those spaces?
Yes, they can
Re @CorsAllowMethods( "meth1" ... "methn" ) (or methods = "a b") - is it
HTTP methods ?
yes.
Then how it work on a method annotated with say @POST ? May be it should be
a single method value only ?
So we don't need this annotation. If any of the others are there, it
would imply permission for the method.
OK
Re CorsAllowOrigins, is it relative URIs ? We'd probably need to think of
introducing properties such as absolute.uri, etc, to be reused by other
annotation such as SchemaLocation& XMLInstruction
Origin must be an absolute URI. In fact, it's a list of them due to redirects.
You never need to list 'right here', right here is always allowed.
It's only necessary to list other places, so I don't see the need for
anything tricky.
Ok, I guess this is an optional property here. But if we have a redirect
allowed to other endpoint hosted inside the same web app then we may
have to deal with the substitution - I'll take care of it as I will need
to do something about it in context of the other work too
Thanks, Sergey
Thanks, Sergey
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
