I've added a fix for LPP-9917 as well (show a warning when a CORS request fails).
Raju ------ Change raju-20110502-REe by [email protected] on 2011-05-02 14:00:46 CEST in /Users/raju/src/svn/openlaszlo/cors for http://svn.openlaszlo.org/openlaszlo/trunk Summary: Add CORS support (including credentialled requests) to the LFC data classes. New Features: Add cross-origin resource sharing (CORS) support for LzHTTPLoader.js (DHTML) Support credentialled cross-origin resource sharing requests. Show warning message for failed CORS requests in the DHTML runtime. Bugs Fixed: LPP-9922,LPP-9923,LPP-9917 Technical Reviewer: [email protected],[email protected] QA Reviewer: (pending) Doc Reviewer: (pending) Documentation: New attribute @credentialled is documented on the dataset tag. Release Notes: Datasets in DHTML runtime support cross-origin resource sharing requests with credentials and cookies now. If a CORS request fails, a warning message will be displayed in the Laszlo Debug window. Overview: Full support for cross-origin resource sharing requests (SOLO, unproxied) in the DHTML runtime. If a CORS request fails without delivering a response status code, a warning message will be shown, e.g. "WARNING: Cross-domain data request to localhost with URL http://localhost:9000/cors/corstest/wrongOrigin failed. Make sure that your server is configured for cross-origin resource sharing." Details: LzDataset.lzs: * property credentialled added to dataset. The value of this property will be used for the XHR.withCredentials property when loading the data. LzHTTPDataProvider.lzs * method makeLoader: set the credentialled value on the LzHTTPLoader object. * method makeLoader: remove unnecessary check if (secure == null) {, when setting the secure value on the LzHTTPLoader object. LzHTTPDataRequest.lzs * property credentialled added. * method set LzHTTPLoader.js * add properties iscors and credentialled. * method LzHTTPLoader.prototype.setCredentialled added. * method LzHTTPLoader.prototype.checkIfCORS added. Used to check if a request is a CORS request based on domain/host and port of the request. * show warning message within the onreadystatechange handler, when a CORS request fails. LzHTTPLoader.as * property credentialled added. * setter method setCredentialled added. Tests: LZX test file added test/data/dhtml-cross-origin-dataset.lzx. The test relies on a test webapp application running on http://localhost:9000/cors. The source code with a Maven pom file for running the webapp in Jetty can be downloaded here: https://github.com/raju-bitter/openlaszlo-cors-test After downloading the files, go into the folder openlaszlo-cors-test and execute mvn jetty:run Maven will download all dependencies, and launch the Jetty server on port 9000. Open the LZX test file test/data/dhtml-cross-origin-dataset.lzx using the DHTML runtime, and execute the following actions: 1) Clear all browser cookies 2) Click on button "CORS POST / Access-Control-Allow-Origin mismatch". You should the following warnings/errors in the debug window: WARNING: Cross-domain data request to localhost with URL http://localhost:9000/cors/corstest/wrongOrigin failed. Make sure that your server is configured for cross-origin resource sharing. ERROR: wrongOriginDS.onerror 3) Click on button "CORS POST / withCredentials=true". This will set the cookie with the name "coorscookie" in the browser. 4) Click on button "CORS POST / withCredentials=true". You should now see the cookie "corscookie" in the list of request cookies next to the buttons, e.g. corscookie = CORS cookie is set at 5/3/11 8:44 5) Click on button "CORS POST / withCredentials=false" The client will not send the "coorscokie" or any other cookie back to the server Files: A test/data/dhtml-cross-origin-dataset.lzx M WEB-INF/lps/lfc/kernel/dhtml/LzHTTPLoader.js M WEB-INF/lps/lfc/kernel/swf9/LzHTTPLoader.as M WEB-INF/lps/lfc/data/LzHTTPDataRequest.lzs M WEB-INF/lps/lfc/data/LzHTTPDataProvider.lzs M WEB-INF/lps/lfc/data/LzDataset.lzs Changeset: http://svn.openlaszlo.org/openlaszlo/patches/raju-20110502-REe.tar
