----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/21497/ -----------------------------------------------------------
(Updated May 21, 2014, 2:10 a.m.) Review request for Aurora, David McLaughlin, Kevin Sweeney, and Bill Farner. Changes ------- Addressed Bill's comments. Now applying filter using filter().through. Since we can't use multiple JersyServletModule in the same application, moved ServletAPI registration into ServletModule. Bugs: AURORA-390 https://issues.apache.org/jira/browse/AURORA-390 Repository: aurora Description ------- Add CORS support for thrift end points. Added a command line option to explicitly enable that support since this may a potential security issue and we may not want to enable it in production. Diffs (updated) ----- build.gradle 09fe3bfc5ec535c6bdc8efeb87b0c7e3baf123c5 src/main/java/org/apache/aurora/scheduler/http/CorsFilter.java PRE-CREATION src/main/java/org/apache/aurora/scheduler/http/ServletModule.java effd48a95da459f92ed0f38a7bc35fe9e33b774a src/main/java/org/apache/aurora/scheduler/thrift/SchedulerAPIServlet.java a92525bd45bd297f7384651586738934a5639e1b src/main/java/org/apache/aurora/scheduler/thrift/ThriftModule.java fc5610ec4483bf236da39cb31c0756934b6d264f Diff: https://reviews.apache.org/r/21497/diff/ Testing ------- Local laptop. Attached screenshot. Called the API from another JS app and was able to make a successful $http.post(). File Attachments ---------------- cors with whitelisted domains https://reviews.apache.org/media/uploaded/files/2014/05/16/c4cc2abd-3c3f-4b84-ba8e-c2a353815c56__Screen_Shot_2014-05-15_at_5.11.01_PM.png disabled cors. https://reviews.apache.org/media/uploaded/files/2014/05/16/2d3a938f-c10c-4f17-9ead-326a6748dc49__Screen_Shot_2014-05-15_at_5.10.36_PM.png cors with default whitelist. https://reviews.apache.org/media/uploaded/files/2014/05/16/5af2094a-b015-42c6-a802-7ad016d06480__Screen_Shot_2014-05-15_at_5.12.06_PM.png Thanks, Suman Karumuri