> On May 19, 2014, 11:07 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/thrift/CorsFilter.java, line 55
> > <https://reviews.apache.org/r/21497/diff/3/?file=584688#file584688line55>
> >
> >     Ditto for the methods, in javax.ws.rs.HttpMethod, or 
> > org.mortbay.jetty.HttpMethods

Done.


> On May 19, 2014, 11:07 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/thrift/CorsFilter.java, line 54
> > <https://reviews.apache.org/r/21497/diff/3/?file=584688#file584688line54>
> >
> >     There are constants you can use for these header names in 
> > com.google.common.net.HttpHeaders
> >     
> >     some of the header values are there too

Done.


> On May 19, 2014, 11:07 p.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/thrift/CorsFilter.java, line 35
> > <https://reviews.apache.org/r/21497/diff/3/?file=584688#file584688line35>
> >
> >     This comment is slightly inaccurate, as the restriction goes down to 
> > jetty: org.mortbay.jetty.servlet.Context#addFilter, if you're interested.
> >     
> >     However, you can do this thanks to jersey-guice!
> >     
> >     Here are some examples that use constructor injection with the 
> > assistance of JerseyServletModule:
> >     
> >     $ grep -R filter src/main/java/ | grep through
> >     src/main/java/org/apache/aurora/scheduler/http/ServletModule.java:      
> >   filter(indexPath + "*").through(LeaderRedirectFilter.class);
> >     src/main/java/org/apache/aurora/scheduler/http/ServletModule.java:      
> >   filter(indexPath + "*").through(GuiceContainer.class, CONTAINER_PARAMS);
> >     src/main/java/org/apache/aurora/scheduler/http/ServletModule.java:      
> >   filter("/scheduler*").through(HttpStatsFilter.class);
> >     src/main/java/org/apache/aurora/scheduler/http/ServletModule.java:      
> >   filter("/scheduler").through(LeaderRedirectFilter.class);

Thanks for pointing that out. Changed.


- Suman


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21497/#review43438
-----------------------------------------------------------


On May 19, 2014, 10:27 p.m., Suman Karumuri wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/21497/
> -----------------------------------------------------------
> 
> (Updated May 19, 2014, 10:27 p.m.)
> 
> 
> Review request for Aurora, David McLaughlin, Kevin Sweeney, and Bill Farner.
> 
> 
> Bugs: AURORA-390
>     https://issues.apache.org/jira/browse/AURORA-390
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Add CORS support for thrift end points. Added a command line option to 
> explicitly enable that support since this may a potential security issue and 
> we may not want to enable it in production.
> 
> 
> Diffs
> -----
> 
>   build.gradle 09fe3bfc5ec535c6bdc8efeb87b0c7e3baf123c5 
>   src/main/java/org/apache/aurora/scheduler/thrift/CorsFilter.java 
> PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/thrift/ThriftModule.java 
> fc5610ec4483bf236da39cb31c0756934b6d264f 
> 
> Diff: https://reviews.apache.org/r/21497/diff/
> 
> 
> Testing
> -------
> 
> Local laptop. Attached screenshot.
> Called the API from another JS app and was able to make a successful 
> $http.post().
> 
> 
> File Attachments
> ----------------
> 
> cors with whitelisted domains
>   
> https://reviews.apache.org/media/uploaded/files/2014/05/16/c4cc2abd-3c3f-4b84-ba8e-c2a353815c56__Screen_Shot_2014-05-15_at_5.11.01_PM.png
> disabled cors.
>   
> https://reviews.apache.org/media/uploaded/files/2014/05/16/2d3a938f-c10c-4f17-9ead-326a6748dc49__Screen_Shot_2014-05-15_at_5.10.36_PM.png
> cors with default whitelist.
>   
> https://reviews.apache.org/media/uploaded/files/2014/05/16/5af2094a-b015-42c6-a802-7ad016d06480__Screen_Shot_2014-05-15_at_5.12.06_PM.png
> 
> 
> Thanks,
> 
> Suman Karumuri
> 
>

Reply via email to