Author: rwesten
Date: Tue Oct 4 09:25:04 2011
New Revision: 1178736
URL: http://svn.apache.org/viewvc?rev=1178736&view=rev
Log:
STANBOL-105: Added Support for CORS "Access-Control-Request-Method" by simply
sending the values parsed in OPTIONS request back in the response. This
basically tells that any header value can be used for requests - somthing that
is in line with the implementation of the Stanbol RESTful services.
The main reason for adding support for "Access-Control-Request-Method" is that
JavaScript frameworks (like jquery) add the "X-Requested-With: XMLHttpRequest"
header to indicate that an request is originated from an XMLHttpRequest. Based
on the CORS principles it MUST BE explicitly requested in OPTIONS preflight
requests that this hadder can be sent.
Modified:
incubator/stanbol/trunk/commons/web/base/src/main/java/org/apache/stanbol/commons/web/base/CorsHelper.java
Modified:
incubator/stanbol/trunk/commons/web/base/src/main/java/org/apache/stanbol/commons/web/base/CorsHelper.java
URL:
http://svn.apache.org/viewvc/incubator/stanbol/trunk/commons/web/base/src/main/java/org/apache/stanbol/commons/web/base/CorsHelper.java?rev=1178736&r1=1178735&r2=1178736&view=diff
==============================================================================
---
incubator/stanbol/trunk/commons/web/base/src/main/java/org/apache/stanbol/commons/web/base/CorsHelper.java
(original)
+++
incubator/stanbol/trunk/commons/web/base/src/main/java/org/apache/stanbol/commons/web/base/CorsHelper.java
Tue Oct 4 09:25:04 2011
@@ -42,6 +42,7 @@ public final class CorsHelper {
* The "Access-Control-Request-Headers" header
*/
public static final String REQUEST_HEADERS =
"Access-Control-Request-Headers";
+
/**
* The default methods for the Access-Control-Request-Method header field.
@@ -131,7 +132,9 @@ public final class CorsHelper {
public static boolean enableCORS(ServletContext context,ResponseBuilder
responseBuilder,
HttpHeaders requestHeaders,
String...allowMethods) throws
WebApplicationException {
+ //first check if the Origin is present
if(addCORSOrigin(context,responseBuilder,requestHeaders)){
+ //now add the allowedMethods
boolean added = false;
StringBuilder methods = new StringBuilder();
if(allowMethods != null){
@@ -152,6 +155,26 @@ public final class CorsHelper {
methods.append(CorsHelper.DEFAULT_REQUEST_METHODS);
}
responseBuilder.header(CorsHelper.REQUEST_METHOD,
methods.toString());
+ //third replay parsed "Access-Control-Request-Headers" values
+ //currently there is no need to restrict such headers so the
simplest
+ //way is to return them as they are parsed
+ List<String> requestHeaderValues =
requestHeaders.getRequestHeader(REQUEST_HEADERS);
+ added = false;
+ if(requestHeaderValues != null && !requestHeaderValues.isEmpty()){
+ StringBuilder requestHeader = new StringBuilder();
+ for(String header : requestHeaderValues){
+ if(header != null && !header.isEmpty()){
+ if(added){
+ requestHeader.append(", ");
+ }
+ requestHeader.append(header);
+ added = true;
+ }
+ }
+ if(added){
+ responseBuilder.header(REQUEST_HEADERS,
requestHeader.toString());
+ }
+ }
return true;
} else {
return false;
