-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21497/#review43438
-----------------------------------------------------------

src/main/java/org/apache/aurora/scheduler/thrift/CorsFilter.java
<https://reviews.apache.org/r/21497/#comment77593>

    This comment is slightly inaccurate, as the restriction goes down to jetty: org.mortbay.jetty.servlet.Context#addFilter, if you're interested.

    However, you can do this thanks to jersey-guice! Here are some examples that use constructor injection with the assistance of JerseyServletModule:

    $ grep -R filter src/main/java/ | grep through
    src/main/java/org/apache/aurora/scheduler/http/ServletModule.java: filter(indexPath + "*").through(LeaderRedirectFilter.class);
    src/main/java/org/apache/aurora/scheduler/http/ServletModule.java: filter(indexPath + "*").through(GuiceContainer.class, CONTAINER_PARAMS);
    src/main/java/org/apache/aurora/scheduler/http/ServletModule.java: filter("/scheduler*").through(HttpStatsFilter.class);
    src/main/java/org/apache/aurora/scheduler/http/ServletModule.java: filter("/scheduler").through(LeaderRedirectFilter.class);


src/main/java/org/apache/aurora/scheduler/thrift/CorsFilter.java
<https://reviews.apache.org/r/21497/#comment77590>

    There are constants you can use for these header names in com.google.common.net.HttpHeaders. Some of the header values are there too.


src/main/java/org/apache/aurora/scheduler/thrift/CorsFilter.java
<https://reviews.apache.org/r/21497/#comment77591>

    Ditto for the methods, in javax.ws.rs.HttpMethod, or org.mortbay.jetty.HttpMethods


- Bill Farner


On May 19, 2014, 10:27 p.m., Suman Karumuri wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/21497/
> -----------------------------------------------------------
>
> (Updated May 19, 2014, 10:27 p.m.)
>
>
> Review request for Aurora, David McLaughlin, Kevin Sweeney, and Bill Farner.
>
>
> Bugs: AURORA-390
>     https://issues.apache.org/jira/browse/AURORA-390
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Add CORS support for thrift end points. Added a command line option to
> explicitly enable that support since this may be a potential security issue and
> we may not want to enable it in production.
>
>
> Diffs
> -----
>
>   build.gradle 09fe3bfc5ec535c6bdc8efeb87b0c7e3baf123c5
>   src/main/java/org/apache/aurora/scheduler/thrift/CorsFilter.java PRE-CREATION
>   src/main/java/org/apache/aurora/scheduler/thrift/ThriftModule.java fc5610ec4483bf236da39cb31c0756934b6d264f
>
> Diff: https://reviews.apache.org/r/21497/diff/
>
>
> Testing
> -------
>
> Local laptop. Attached screenshot.
> Called the API from another JS app and was able to make a successful
> $http.post().
>
>
> File Attachments
> ----------------
>
> cors with whitelisted domains
>   https://reviews.apache.org/media/uploaded/files/2014/05/16/c4cc2abd-3c3f-4b84-ba8e-c2a353815c56__Screen_Shot_2014-05-15_at_5.11.01_PM.png
> disabled cors.
>   https://reviews.apache.org/media/uploaded/files/2014/05/16/2d3a938f-c10c-4f17-9ead-326a6748dc49__Screen_Shot_2014-05-15_at_5.10.36_PM.png
> cors with default whitelist.
>   https://reviews.apache.org/media/uploaded/files/2014/05/16/5af2094a-b015-42c6-a802-7ad016d06480__Screen_Shot_2014-05-15_at_5.12.06_PM.png
>
>
> Thanks,
>
> Suman Karumuri
>
>
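
An added example, not the CorsFilter from this review request and not Aurora code: a servlet filter that receives its origin allow-list by constructor injection, is bound with filter(...).through(...) as suggested in the review above, and uses the HttpHeaders and HttpMethod constants. The class names, the "cors_allowed_origins" binding name, the "/api*" path and the sample origin are assumptions; it needs Guava, Guice with guice-servlet, the servlet API and JAX-RS on the classpath.

```java
import com.google.common.collect.ImmutableSet;
import com.google.common.net.HttpHeaders;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.google.inject.TypeLiteral;
import com.google.inject.name.Named;
import com.google.inject.name.Names;
import com.google.inject.servlet.ServletModule;
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.ws.rs.HttpMethod;

@Singleton // guice-servlet requires filters bound via through() to be singletons
class AllowListCorsFilter implements Filter { // hypothetical name
  private final Set<String> allowedOrigins;
  @Inject // Guice, not Jetty, builds the filter, so constructor injection works
  AllowListCorsFilter(@Named("cors_allowed_origins") Set<String> allowedOrigins) {
    this.allowedOrigins = ImmutableSet.copyOf(allowedOrigins);
  }
  @Override public void init(FilterConfig config) { }
  @Override public void destroy() { }
  @Override
  public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;
    String origin = request.getHeader(HttpHeaders.ORIGIN);
    response.addHeader(HttpHeaders.VARY, HttpHeaders.ORIGIN); // response depends on Origin
    if (origin != null && allowedOrigins.contains(origin)) { // exact match, never "*"
      response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
      response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, HttpMethod.POST);
      response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, HttpHeaders.CONTENT_TYPE);
    }
    boolean preflight = HttpMethod.OPTIONS.equals(request.getMethod())
        && request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD) != null;
    if (preflight) { return; } // answer the preflight here; the API itself is not invoked
    chain.doFilter(req, resp);
  }
}

class CorsModule extends ServletModule { // hypothetical module
  @Override protected void configureServlets() {
    bind(new TypeLiteral<Set<String>>() { }).annotatedWith(Names.named("cors_allowed_origins"))
        .toInstance(ImmutableSet.of("https://ui.example.com")); // constructed sample origin
    filter("/api*").through(AllowListCorsFilter.class); // path is an assumption
  }
}
```

A request from an origin outside the allow-list gets no Access-Control-Allow-Origin header, so the browser blocks the calling page from reading the response.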