Hi Devs,
I thought of giving some insight to the approach and the design, so that I
can have your valuable feedback.
Following configuration should be added to the axis2.xml
<CORSConfig enabled="true">
<Access-Control-Allow-Headers>content-type,soapaction,x-requested-with</Access-Control-Allow-Headers>
<Access-Control-Allow-Methods>GET,POST,PUT,DELETE,OPTIONS</Access-Control-Allow-Methods>
<Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
<Access-Control-Expose-Headers>header1,header2</Access-Control-Expose-Headers>
<Access-Control-Allow-Credentials enabled="false"/>
<Access-Control-Max-Age>500</Access-Control-Max-Age>
</CORSConfig>
Classes
------------------------
*CorsConfig*
Using those configuration CorsConfig is created and can be retrieved
through AxisConfiguration.
*CORSProcesser*
This class is implemented according to the section 6 of the CORS spec.
Currently CORS Processor in engaged in the AxisHttpService handle request
method. As per Sagara's mail, I will work on adding this to servlet
transport later
if(corsConfig.isEnabled()){
//CORS is enabled by the configs
corsProcessor.process(axisreq,axisres);
}
Thanks,
Asanka
On Thu, Jul 16, 2015 at 10:30 PM, Asanka Dissanayake <[email protected]>
wrote:
> Hi Devs,
> I thought of giving some insight to the approach and the design, so that I
> can have your valuable feedback.
>
> Following configuration should be added to the axis2.xml
>
>
>
>
>
> On Thu, Jul 16, 2015 at 1:44 AM, Deepal jayasinghe <[email protected]>
> wrote:
>
>> Done.
>>
>> Deepal
>>
>> Hi Devs,
>> Can some one assign me the issue
>> https://issues.apache.org/jira/browse/AXIS2-5708.
>> I cannot assign it to myself. Seems I don't have enough permissions.
>>
>> Thanks,
>> Asanka
>>
>> On Sun, Jul 12, 2015 at 8:57 PM, Asanka Dissanayake <[email protected]>
>> wrote:
>>
>>> Hi Devs,
>>> What is the best place to implement this. IMHO I think following place
>>> is suitable.
>>>
>>> org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(final
>>> AxisHttpConnection conn, final HttpContext context)
>>> throws IOException, HttpException
>>>
>>> Thanks,
>>> Asanka D
>>>
>>> On Sat, Jul 11, 2015 at 3:18 PM, Asanka Dissanayake <[email protected]
>>> > wrote:
>>>
>>>> Yes, agreed. I will start implementation with axis2 http transport .
>>>>
>>>> Thanks,
>>>> Asanka D
>>>>
>>>>
>>>> On Saturday, July 11, 2015, Hiranya Jayathilaka <[email protected]>
>>>> wrote:
>>>>
>>>>>
>>>>> On Jul 10, 2015, at 6:50 PM, Asanka Dissanayake <[email protected]>
>>>>> wrote:
>>>>>
>>>>> Hi Devs,
>>>>> How about implementing this as an Axis2 module. That will allow user
>>>>> to have the feature if user prefers. And we can re-use it for synapse as
>>>>> well.
>>>>>
>>>>>
>>>>> I read about this technology a little bit. My preference is for
>>>>> implementing it in the HTTP transport. This really is a HTTP-specific
>>>>> feature, and I don't see a reason why it should be implemented outside the
>>>>> transport. Unfortunately, however, this means we have to re-implement it
>>>>> for Synapse.
>>>>>
>>>>> Thanks,
>>>>> Hiranya
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Asanka
>>>>>
>>>>> On Fri, Jul 10, 2015 at 12:46 AM, Hiranya Jayathilaka <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> This might be a useful feature addition to Synapse as well. When
>>>>>> you're done with the Axis2 implementation, perhaps you can take a look at
>>>>>> the Synapse pass-thru transport as well.
>>>>>>
>>>>>> Thanks,
>>>>>> Hiranya
>>>>>>
>>>>>> On Jul 9, 2015, at 5:27 AM, T. Allen <[email protected]> wrote:
>>>>>>
>>>>>> +1 for adding CORS support.
>>>>>>
>>>>>>
>>>>>> On 7/8/2015 8:13 PM, Asanka Dissanayake wrote:
>>>>>>
>>>>>> Hi Devs,
>>>>>> I recently happened to call a Axis2Service with AJAX post method.
>>>>>> Then there was an "Access-Control-Allow-Origin Error". When I was digging
>>>>>> through the path, I came to know about CORS (Cross Origin Resource
>>>>>> Sharing)
>>>>>> spec [1] .
>>>>>>
>>>>>> User agents commonly apply same-origin restrictions to network
>>>>>> requests. These restrictions prevent a client-side Web application
>>>>>> running
>>>>>> from one origin from obtaining data retrieved from another origin, and
>>>>>> also
>>>>>> limit unsafe HTTP requests that can be automatically launched toward
>>>>>> destinations that differ from the running application's origin.
>>>>>>
>>>>>> To overcome this issue , I implemented an axis2 handler which the
>>>>>> implementation is very specific to my use case. It handles the preflight
>>>>>> request.
>>>>>>
>>>>>> In Axis2 , have we implemented CORS Spec? If not what about providing
>>>>>> CORS support with Axis2?
>>>>>> Since I already have the implementation, I can make it more generic
>>>>>> and add to Axis2.
>>>>>>
>>>>>> [1] http://www.w3.org/TR/cors/
>>>>>>
>>>>>> Thanks,
>>>>>> Asanka
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: [email protected]
>>>>>> For additional commands, e-mail: [email protected]
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Hiranya Jayathilaka
>>>>>> Mayhem Lab/RACE Lab;
>>>>>> Dept. of Computer Science, UCSB; http://cs.ucsb.edu
>>>>>> E-mail: [email protected]; Mobile: +1 (805) 895-7443
>>>>>> <%2B1%20%28805%29%20895-7443>
>>>>>> Blog: http://techfeast-hiranya.blogspot.com
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Hiranya Jayathilaka
>>>>> Mayhem Lab/RACE Lab;
>>>>> Dept. of Computer Science, UCSB; http://cs.ucsb.edu
>>>>> E-mail: [email protected]; Mobile: +1 (805) 895-7443
>>>>> Blog: http://techfeast-hiranya.blogspot.com
>>>>>
>>>>>
>>>
>>
>>
>
