cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: CORS
Date Thu, 01 Dec 2011 16:02:03 GMT
On 01/12/11 14:01, Benson Margulies wrote:
> I've created org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter,
> which is gradually learning to pass all the tests I'm figuring out to
> write. It is a complete implementation of the spec AFAICT.

Thanks Benson for doing it :-)

Cheers, Sergey

>
> On Sat, Nov 12, 2011 at 2:35 AM, K Fung<kfung4cxf@gmail.com>  wrote:
>> Hello,
>>
>> Are there any plans to expand this code so that covers both 5.1 and 5.2 of
>> the CORS specification (http://www.w3.org/TR/cors?) In particular,
>>
>> - Not blocking the request of it's an OPTIONS request but doesn't contain
>> the Origin header
>> - What if the request doesn't contain OPTIONS but does contain the Origin
>> header (section 5.1 of the spec)
>> - Adding support for Access-Control-Allow-Credentials (section 5.2 of the
>> spec, step 7)
>> - Adding support for Access-Control-Max-Age (section 5.2 of the spec, step
>> 8)
>>
>> Cheers,
>> kl

Mime
View raw message