[
https://issues.apache.org/jira/browse/SHIRO-725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17070256#comment-17070256
]
Benjamin Marwell commented on SHIRO-725:
----------------------------------------
Follow-up on configuration:
Overwriteable per Annotation? Thinking of servlets and JAX-RS as a prominent
example.
{code:java}
@GET @GET
@Path("")
@CorsAllowOrigin(origins = {"self", "https://localhost:*/"})
@RequiresRoles("user")
public Response getAction() {
return Response.ok().build()
}
{code}
Configuration could also be done in {color:#0747a6}{{shiro.ini}}{color}:
{code:java}
[CORS]
# global default
org.apache.shiro.web.cors.CORS.exposeHeaders = X-Total-Count
default = org.apache.shiro.web.cors.CORS
default.allowOrigin = *
default.allowMethods = POST,GET,OPTIONS,HEAD
default.allowOrigin = self
restricted = org.apache.shiro.web.cors.CORS
restricted.allowMethods = POST
static = org.apache.shiro.web.cors.CORS
static.allowMethods = GET
static.allowOrigin = *
js = org.apache.shiro.web.cors.CORS
js.allowMethods = GET
js.allowOrigin = self
js.maxAge = 86400
[CORS/urls]
/* = $default
/user/login = $restricted
/static/* = $static
/js/* = $js
{code}
> Add a CORS filter
> -----------------
>
> Key: SHIRO-725
> URL: https://issues.apache.org/jira/browse/SHIRO-725
> Project: Shiro
> Issue Type: Improvement
> Components: Web
> Reporter: Francois Papon
> Assignee: Francois Papon
> Priority: Major
> Fix For: 1.6.0
>
>
> It would be usefull to add a new filter in order to deal with CORS request.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
