cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: CORS
Date Sun, 13 Nov 2011 16:59:10 GMT
Hi,


On 12/11/11 07:35, K Fung wrote:
> Hello,
>
> Are there any plans to expand this code so that covers both 5.1 and 5.2 of
> the CORS specification (http://www.w3.org/TR/cors?) In particular,
>
> - Not blocking the request of it's an OPTIONS request but doesn't contain
> the Origin header

agreed, a JAX-RS resource class may also contain an @OPTIONS handler,
so the in filter should not block if the resource method has also been 
selected, so if

message.getExchange().get(OperationResourceInfo.class)

returns a non-null value then it should let the request to continue

> - What if the request doesn't contain OPTIONS but does contain the Origin
> header (section 5.1 of the spec)
> - Adding support for Access-Control-Allow-Credentials (section 5.2 of the
> spec, step 7)
> - Adding support for Access-Control-Max-Age (section 5.2 of the spec, step
> 8)
>

Guess the support for the above can also added easily enough, good to 
have so many CORS experts on the list :-)

Cheers, Sergey

> Cheers,
> kl
>


Mime
View raw message