> On May 21, 2014, 2:43 a.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/CorsFilter.java, line 2
> > <https://reviews.apache.org/r/21497/diff/4/?file=585947#file585947line2>
> >
> >     2014

Removed the date from the header after the recent change.


> On May 21, 2014, 2:43 a.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/CorsFilter.java, line 38
> > <https://reviews.apache.org/r/21497/diff/4/?file=585947#file585947line38>
> >
> >     s/List/Set/

Done.


> On May 21, 2014, 2:43 a.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/CorsFilter.java, line 47
> > <https://reviews.apache.org/r/21497/diff/4/?file=585947#file585947line47>
> >
> >     s/List/Set/

Done.


> On May 21, 2014, 2:43 a.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/CorsFilter.java, line 55
> > <https://reviews.apache.org/r/21497/diff/4/?file=585947#file585947line55>
> >
> >     javadoc, explain the arg

Done.


> On May 21, 2014, 2:43 a.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/ServletModule.java, line 110
> > <https://reviews.apache.org/r/21497/diff/4/?file=585948#file585948line110>
> >
> >     Should this be /api/*?  Semantically seems odd to capture 
> > /apiotherstuff.

filter's syntax doesn't seem to match the servlet path spec. So /api* covers 
/api/* as well. Confirmed it in a test also.


> On May 21, 2014, 2:43 a.m., Bill Farner wrote:
> > src/main/java/org/apache/aurora/scheduler/http/CorsFilter.java, line 35
> > <https://reviews.apache.org/r/21497/diff/4/?file=585947#file585947line35>
> >
> >     Apologies for not bringing this up earlier, but test coverage for this 
> > class would be greatly appreciated.

Added.


- Suman


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21497/#review43574
-----------------------------------------------------------


On May 21, 2014, 2:10 a.m., Suman Karumuri wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/21497/
> -----------------------------------------------------------
> 
> (Updated May 21, 2014, 2:10 a.m.)
> 
> 
> Review request for Aurora, David McLaughlin, Kevin Sweeney, and Bill Farner.
> 
> 
> Bugs: AURORA-390
>     https://issues.apache.org/jira/browse/AURORA-390
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Add CORS support for thrift end points. Added a command line option to 
> explicitly enable that support since this may a potential security issue and 
> we may not want to enable it in production.
> 
> 
> Diffs
> -----
> 
>   build.gradle 09fe3bfc5ec535c6bdc8efeb87b0c7e3baf123c5 
>   src/main/java/org/apache/aurora/scheduler/http/CorsFilter.java PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/http/ServletModule.java 
> effd48a95da459f92ed0f38a7bc35fe9e33b774a 
>   src/main/java/org/apache/aurora/scheduler/thrift/SchedulerAPIServlet.java 
> a92525bd45bd297f7384651586738934a5639e1b 
>   src/main/java/org/apache/aurora/scheduler/thrift/ThriftModule.java 
> fc5610ec4483bf236da39cb31c0756934b6d264f 
> 
> Diff: https://reviews.apache.org/r/21497/diff/
> 
> 
> Testing
> -------
> 
> Local laptop. Attached screenshot.
> Called the API from another JS app and was able to make a successful 
> $http.post().
> 
> 
> File Attachments
> ----------------
> 
> cors with whitelisted domains
>   
> https://reviews.apache.org/media/uploaded/files/2014/05/16/c4cc2abd-3c3f-4b84-ba8e-c2a353815c56__Screen_Shot_2014-05-15_at_5.11.01_PM.png
> disabled cors.
>   
> https://reviews.apache.org/media/uploaded/files/2014/05/16/2d3a938f-c10c-4f17-9ead-326a6748dc49__Screen_Shot_2014-05-15_at_5.10.36_PM.png
> cors with default whitelist.
>   
> https://reviews.apache.org/media/uploaded/files/2014/05/16/5af2094a-b015-42c6-a802-7ad016d06480__Screen_Shot_2014-05-15_at_5.12.06_PM.png
> 
> 
> Thanks,
> 
> Suman Karumuri
> 
>

Reply via email to