Yes. Actually it is set of parameters. Allowed Origins,Methods,Headers etc... can be configured in the axis2.xml. I would propose as below.
<CORSConfig enabled="true"> <Access-Control-Allow-Headers>Authorization, Content-Type, Accept</Access-Control-Allow-Headers> <Access-Control-Allow-Methods>GET,POST,PUT,DELETE,OPTIONS</Access-Control-Allow-Methods> <Access-Control-Allow-Origin>*</Access-Control-Allow-Origin> .... </CORSConfigs> Those are not the only configs , there are some more. Shall I go ahead and create JIRA for tracking this ? Thanks, Asanka On Wed, Jul 8, 2015 at 8:22 PM, Deepal Jayasinghe <[email protected]> wrote: > Sure, let's have it. Maybe we can do that at transport level (HTTP) and > control via a parameter in axis2.xml > > Deepal > > On Wed, Jul 8, 2015 at 5:13 PM, Asanka Dissanayake <[email protected]> > wrote: > >> Hi Devs, >> I recently happened to call a Axis2Service with AJAX post method. Then >> there was an "Access-Control-Allow-Origin Error". When I was digging >> through the path, I came to know about CORS (Cross Origin Resource Sharing) >> spec [1] . >> >> User agents commonly apply same-origin restrictions to network requests. >> These restrictions prevent a client-side Web application running from one >> origin from obtaining data retrieved from another origin, and also limit >> unsafe HTTP requests that can be automatically launched toward destinations >> that differ from the running application's origin. >> >> To overcome this issue , I implemented an axis2 handler which the >> implementation is very specific to my use case. It handles the preflight >> request. >> >> In Axis2 , have we implemented CORS Spec? If not what about providing >> CORS support with Axis2? >> Since I already have the implementation, I can make it more generic and >> add to Axis2. >> >> [1] http://www.w3.org/TR/cors/ >> >> Thanks, >> Asanka >> > > > > -- > http://blogs.deepal.org >
