IMO, with PAYG, this would go in an extension of HTTPService. Not all apps will need CORS.
Thanks, -Alex On 4/8/17, 8:26 PM, "jmcl...@apache.org" <jmcl...@apache.org> wrote: >Repository: flex-asjs >Updated Branches: > refs/heads/develop 11ef21aae -> 326d69791 > > >CORS security. Allow auth credentials to be passed when using cross site >calls. This is required as well as setting the >Access-Control-Allow-Origin header on the server. > > >Project: >https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgit-wip-us >.apache.org%2Frepos%2Fasf%2Fflex-asjs%2Frepo&data=02%7C01%7C%7C58994717190 >044f003a908d47ef83ba7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C6362730 >52005920291&sdata=eQwxowk79ikXeDxbqXV3OeVrXUzTXNfFR0eKzhU8wiw%3D&reserved= >0 >Commit: >https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgit-wip-us >.apache.org%2Frepos%2Fasf%2Fflex-asjs%2Fcommit%2F326d6979&data=02%7C01%7C% >7C58994717190044f003a908d47ef83ba7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0% >7C0%7C636273052005930299&sdata=f8udpkPpLcL1ivRV3LDW0kJARc8QnLhBDHVFGgCko7M >%3D&reserved=0 >Tree: >https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgit-wip-us >.apache.org%2Frepos%2Fasf%2Fflex-asjs%2Ftree%2F326d6979&data=02%7C01%7C%7C >58994717190044f003a908d47ef83ba7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C >0%7C636273052005930299&sdata=t6MMifwasbm2bgCuzsVN2q4%2BCYcB2uB8o7O%2B%2BJu >yZ5w%3D&reserved=0 >Diff: >https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgit-wip-us >.apache.org%2Frepos%2Fasf%2Fflex-asjs%2Fdiff%2F326d6979&data=02%7C01%7C%7C >58994717190044f003a908d47ef83ba7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C >0%7C636273052005930299&sdata=gJDrCW4YbwaorNFSXVCVjLyq3lwTC67VhCRLEtYlcD0%3 >D&reserved=0 > >Branch: refs/heads/develop >Commit: 326d69791b37cc2aaac546bcfcd3a51e88716f2f >Parents: 11ef21a >Author: Justin Mclean <jmcl...@apache.org> >Authored: Sun Apr 9 13:26:30 2017 +1000 >Committer: Justin Mclean <jmcl...@apache.org> >Committed: Sun Apr 9 13:26:30 2017 +1000 > >---------------------------------------------------------------------- > .../src/main/flex/org/apache/flex/net/HTTPService.as | 13 +++++++++++++ > 1 file changed, 13 insertions(+) >---------------------------------------------------------------------- > > >https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgit-wip-us >.apache.org%2Frepos%2Fasf%2Fflex-asjs%2Fblob%2F326d6979%2Fframeworks%2Fpro >jects%2FNetwork%2Fsrc%2Fmain%2Fflex%2Forg%2Fapache%2Fflex%2Fnet%2FHTTPServ >ice.as&data=02%7C01%7C%7C58994717190044f003a908d47ef83ba7%7Cfa7b1b5a7b3443 >8794aed2c178decee1%7C0%7C0%7C636273052005930299&sdata=TcDMCOEVbLKxedpsnACV >OmZon89YgUkvGxOtd%2F3Qky8%3D&reserved=0 >---------------------------------------------------------------------- >diff --git >a/frameworks/projects/Network/src/main/flex/org/apache/flex/net/HTTPServic >e.as >b/frameworks/projects/Network/src/main/flex/org/apache/flex/net/HTTPServic >e.as >index b939751..3a9968c 100644 >--- >a/frameworks/projects/Network/src/main/flex/org/apache/flex/net/HTTPServic >e.as >+++ >b/frameworks/projects/Network/src/main/flex/org/apache/flex/net/HTTPServic >e.as >@@ -505,6 +505,18 @@ package org.apache.flex.net > return null; > } > >+ /** >+ * Allows Javascript cross-site Access-Control requests to be >made >+ * using credentials such as cookies or authorization headers >+ * >+ * @productversion FlexJS 0.8 >+ */ >+ COMPILE::JS >+ public function set withCredentials(value:Boolean):void { >+ var element:XMLHttpRequest = this.element as XMLHttpRequest; >+ element.withCredentials = value; >+ } >+ > COMPILE::SWF > private var urlLoader:flash.net.URLLoader; > >@@ -606,6 +618,7 @@ package org.apache.flex.net > } > } > >+ > if (_method !== HTTPConstants.GET && > !sawContentType && contentData) { > element.setRequestHeader( >