cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benson Margulies <bimargul...@gmail.com>
Subject Re: [proposal] Cross-Origin JAX-RS annotations
Date Thu, 01 Dec 2011 15:51:29 GMT
On Thu, Dec 1, 2011 at 10:34 AM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:
> On 01/12/11 14:51, Benson Margulies wrote:
>>
>> I propose to add the following
>>
>> @CorsAllowAllOrigins
>> @CorsAllowOrigins(  "origin1.", ... "originN" )
>> @CorsAllowMethods( "meth1" ... "methn" )
>> @CorsExposeMethods( ... )
>> @CorsMaxAge(integer)
>> @CorsAllowCredentials(boolean)
>>
>> and make the filter look for them on resources and classes in the usual
>> way.
>>
>> Any objections?
>
>
> Can we collapse it all into a single annotation but with many properties ?
> @Cors(origins = "...",
>      methods = "a b c"
>      allowCredentials = true
>      )
>
> I'd prefer if possible to avoid the explosion of annotations.

I hate space-separated. Can they be String[], or am I stuck with those spaces?

>
> Re @CorsAllowMethods( "meth1" ... "methn" ) (or methods = "a b") - is it
> HTTP methods ?

yes.

> Then how it work on a method annotated with say @POST ? May be it should be
> a single method value only ?

So we don't need this annotation. If any of the others are there, it
would imply permission for the method.

> Re CorsAllowOrigins, is it relative URIs ? We'd probably need to think of
> introducing properties such as absolute.uri, etc, to be reused by other
> annotation such as SchemaLocation & XMLInstruction

Origin must be an absolute URI. In fact, it's a list of them due to redirects.

You never need to list 'right here', right here is always allowed.
It's only necessary to list other places, so I don't see the need for
anything tricky.

>
> Thanks, Sergey

Mime
View raw message