Thanks a lot Rupert, On 7/6/12 2:53 PM, Rupert Westenthaler wrote:
@OPTIONS public Response handleCorsPreflight(@Context HttpHeaders headers) { ResponseBuilder rb = Response.ok(); enableCORS(servletContext, rb, headers, GET, POST, PUT, DELETE, OPTIONS); return rb.build(); }That's exactly what you need to do. Just make sure that the "@OPTIONS" also matches all sub-resources that need to support PUT and DELETE.
Yes I've done that too. it's in a recent revision.
You do need to call addCORSOrigin() otherwise users would get an error in the actual request - because you are telling the browser that it MUST NOT share the retrieved data with the webpage originating from a different domain.
Yes I am calling addCORSOrigin() already, but should I also explicitly add the supported methods? Right now I am simply passing over the request headers in the PUT and DELETE methods, like this
addCORSOrigin(servletContext, rb, headers); Should I instead do // for the DELETE method addCORSOrigin(servletContext, rb, headers, HttpMethod.DELETE); and // for the PUT method addCORSOrigin(servletContext, rb, headers, HttpMethod.PUT); best, Alessandro -- M.Sc. Alessandro Adamou Alma Mater Studiorum - Università di Bologna Department of Computer Science Mura Anteo Zamboni 7, 40127 Bologna - Italy Semantic Technology Laboratory (STLab) Institute for Cognitive Science and Technology (ISTC) National Research Council (CNR) Via Nomentana 56, 00161 Rome - Italy "I will give you everything, just don't demand anything." (Ettore Petrolini, 1917) Not sent from my iSnobTechDevice
