[jira] [Comment Edited] (LENS-594) Cross origin resource sharing in LENS

Tue, 23 Jun 2015 05:31:07 -0700 

    [ 
https://issues.apache.org/jira/browse/LENS-594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14597569#comment-14597569
 ] 

Rajat Khandelwal edited comment on LENS-594 at 6/23/15 12:29 PM:
-----------------------------------------------------------------

Hi [~balaknathan] Please assign it to yourself and provide a patch. 


was (Author: prongs):
Hi [~balaknathan] I'm assigning it to you. Please provide a patch. 

> Cross origin resource sharing in LENS
> -------------------------------------
>
>                 Key: LENS-594
>                 URL: https://issues.apache.org/jira/browse/LENS-594
>             Project: Apache Lens
>          Issue Type: Task
>          Components: server
>            Reporter: Bala Nathan
>
> This is a tracking ticket to support CORS in lens. Lens currently does not 
> have support for CORS (cross origin resource sharing). CORS is needed when 
> the API and frontend run on different subdomains/different ports (i.e cross 
> origin). Currently, I think the frontend service and API that the frontend 
> uses run on port 1999 and hence this is not a problem. However, if one needs 
> to isolate the frontend and API's to be running on different hosts, this 
> would need to be supported. Here's some more info on CORS: 
> http://www.staticapps.org/articles/cross-domain-requests-with-cors 
> Essentially, what we need to do is to allow the following response headers to 
> be returned by the server :
> Access-Control-Allow-Origin: As described above, this needs to be either the 
> origin of the request or *.
> Access-Control-Allow-Methods: This is a comma-separated list of the HTTP 
> methods that are allowed, for example POST, PUT, OPTIONS.
> Access-Control-Allow-Headers: A comma-separated list of allowable custom 
> request headers, for example AUTHORIZATION, X-CLIENT-ID, X-CLIENT_SECRET.
> As a proof of concept, I have added a CORSResponseFilter (similar to the 
> authentication filter) that adds the above to the response header and I find 
> it to be resolving the problem. Ideally, we would like these response headers 
> to be configurable as part of lens conf (lens-site.xml) with the default 
> behaviour assuming frontend and API can both run on same host. 
> Bala



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to