cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: [proposal] Cross-Origin JAX-RS annotations
Date Thu, 01 Dec 2011 16:01:07 GMT
On 01/12/11 15:51, Benson Margulies wrote:
> On Thu, Dec 1, 2011 at 10:34 AM, Sergey Beryozkin<sberyozkin@gmail.com>  wrote:
>> On 01/12/11 14:51, Benson Margulies wrote:
>>>
>>> I propose to add the following
>>>
>>> @CorsAllowAllOrigins
>>> @CorsAllowOrigins(  "origin1.", ... "originN" )
>>> @CorsAllowMethods( "meth1" ... "methn" )
>>> @CorsExposeMethods( ... )
>>> @CorsMaxAge(integer)
>>> @CorsAllowCredentials(boolean)
>>>
>>> and make the filter look for them on resources and classes in the usual
>>> way.
>>>
>>> Any objections?
>>
>>
>> Can we collapse it all into a single annotation but with many properties ?
>> @Cors(origins = "...",
>>       methods = "a b c"
>>       allowCredentials = true
>>       )
>>
>> I'd prefer if possible to avoid the explosion of annotations.
>
> I hate space-separated. Can they be String[], or am I stuck with those spaces?
>

Yes, they can

>>
>> Re @CorsAllowMethods( "meth1" ... "methn" ) (or methods = "a b") - is it
>> HTTP methods ?
>
> yes.
>
>> Then how it work on a method annotated with say @POST ? May be it should be
>> a single method value only ?
>
> So we don't need this annotation. If any of the others are there, it
> would imply permission for the method.
>
OK
>> Re CorsAllowOrigins, is it relative URIs ? We'd probably need to think of
>> introducing properties such as absolute.uri, etc, to be reused by other
>> annotation such as SchemaLocation&  XMLInstruction
>
> Origin must be an absolute URI. In fact, it's a list of them due to redirects.
>
> You never need to list 'right here', right here is always allowed.
> It's only necessary to list other places, so I don't see the need for
> anything tricky.
>
Ok, I guess this is an optional property here. But if we have a redirect 
allowed to other endpoint hosted inside the same web app then we may 
have to deal with the substitution - I'll take care of it as I will need 
to do something about it in context of the other work too

Thanks, Sergey

>>
>> Thanks, Sergey


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com

Mime
View raw message