Hi sorry a bit late but ...
On Fri, Jul 6, 2012 at 10:50 AM, Alessandro Adamou <[email protected]> wrote: > I'm afraid I'm going to need help from other Stanbolers, as like I said I > don't really dig CORS very much :( > > In the revision I mentioned, I had this preflight method in the Session > resource: > > @OPTIONS > public Response handleCorsPreflight(@Context HttpHeaders headers) { > ResponseBuilder rb = Response.ok(); > enableCORS(servletContext, rb, headers, GET, POST, PUT, DELETE, > OPTIONS); > return rb.build(); > } > > I thought that manually adding supported methods in the OPTIONS request was > enough. That's exactly what you need to do. Just make sure that the "@OPTIONS" also matches all sub-resources that need to support PUT and DELETE. An annotation like in the above example would AFAIK only be applied to the path of the resource and not to sub-resources. > > Maybe I should do that in the addCORSOrigin() call for the PUT and DELETE > methods as well? > You do need to call addCORSOrigin() otherwise users would get an error in the actual request - because you are telling the browser that it MUST NOT share the retrieved data with the webpage originating from a different domain. Hope this helps best Rupert -- | Rupert Westenthaler [email protected] | Bodenlehenstraße 11 ++43-699-11108907 | A-5500 Bischofshofen
