-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/21497/
-----------------------------------------------------------

(Updated May 29, 2014, 6:12 p.m.)


Review request for Aurora, David McLaughlin, Kevin Sweeney, and Bill Farner.


Changes
-------

Added a test. Addressed Bill's feedback. Rebased with master.


Bugs: AURORA-390
    https://issues.apache.org/jira/browse/AURORA-390


Repository: aurora


Description
-------

Add CORS support for thrift end points. Added a command line option to 
explicitly enable that support since this may a potential security issue and we 
may not want to enable it in production.


Diffs (updated)
-----

  build.gradle 1e36bbdb2b2e66786fd4385a485856c2b3e4d46d 
  src/main/java/org/apache/aurora/scheduler/http/CorsFilter.java PRE-CREATION 
  src/main/java/org/apache/aurora/scheduler/http/ServletModule.java 
28e47411f06cf2bb9d8bd0bb700419ae14095151 
  src/main/java/org/apache/aurora/scheduler/thrift/SchedulerAPIServlet.java 
fc07ddc2977bffbc937fd1f579cc25285244dcf4 
  src/main/java/org/apache/aurora/scheduler/thrift/ThriftModule.java 
33653d2009af6c544e071de8e5d092f247b75daf 
  src/test/java/org/apache/aurora/scheduler/http/CorsFilterTest.java 
PRE-CREATION 

Diff: https://reviews.apache.org/r/21497/diff/


Testing
-------

Local laptop. Attached screenshot.
Called the API from another JS app and was able to make a successful 
$http.post().


File Attachments
----------------

cors with whitelisted domains
  
https://reviews.apache.org/media/uploaded/files/2014/05/16/c4cc2abd-3c3f-4b84-ba8e-c2a353815c56__Screen_Shot_2014-05-15_at_5.11.01_PM.png
disabled cors.
  
https://reviews.apache.org/media/uploaded/files/2014/05/16/2d3a938f-c10c-4f17-9ead-326a6748dc49__Screen_Shot_2014-05-15_at_5.10.36_PM.png
cors with default whitelist.
  
https://reviews.apache.org/media/uploaded/files/2014/05/16/5af2094a-b015-42c6-a802-7ad016d06480__Screen_Shot_2014-05-15_at_5.12.06_PM.png


Thanks,

Suman Karumuri

Reply via email to