Return-Path: X-Original-To: apmail-cxf-dev-archive@www.apache.org Delivered-To: apmail-cxf-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BBC537AE4 for ; Thu, 1 Dec 2011 15:34:53 +0000 (UTC) Received: (qmail 38791 invoked by uid 500); 1 Dec 2011 15:34:53 -0000 Delivered-To: apmail-cxf-dev-archive@cxf.apache.org Received: (qmail 38621 invoked by uid 500); 1 Dec 2011 15:34:53 -0000 Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list dev@cxf.apache.org Received: (qmail 38613 invoked by uid 99); 1 Dec 2011 15:34:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Dec 2011 15:34:53 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of sberyozkin@gmail.com designates 209.85.215.169 as permitted sender) Received: from [209.85.215.169] (HELO mail-ey0-f169.google.com) (209.85.215.169) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Dec 2011 15:34:44 +0000 Received: by eaah1 with SMTP id h1so2764504eaa.0 for ; Thu, 01 Dec 2011 07:34:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=tSFptvX0/AW562RKVocJ+DHecgsT+zafxx+JpdGkzG4=; b=SU/qXkv6rLQKMlgG6jIwD8z90DO2deb72PuQDHo1kSWnVMEHIu0lYBLTKFg2pae10l c0CQYrC7ecTIhyYAGtoeWXddotDAUniLkTvC7b4WKkV/kIvrzbSFqlbDx/CLJPN05Hxv tGbf3trVuCh1dfPunnf58sM+9YGIw9d2tns+s= Received: by 10.216.229.6 with SMTP id g6mr524488weq.62.1322753664125; Thu, 01 Dec 2011 07:34:24 -0800 (PST) Received: from [192.168.2.3] ([89.100.138.187]) by mx.google.com with ESMTPS id d17sm6222147wbh.19.2011.12.01.07.34.22 (version=SSLv3 cipher=OTHER); Thu, 01 Dec 2011 07:34:23 -0800 (PST) Message-ID: <4ED79E7D.1040504@gmail.com> Date: Thu, 01 Dec 2011 15:34:21 +0000 From: Sergey Beryozkin User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11 MIME-Version: 1.0 To: dev@cxf.apache.org Subject: Re: [proposal] Cross-Origin JAX-RS annotations References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On 01/12/11 14:51, Benson Margulies wrote: > I propose to add the following > > @CorsAllowAllOrigins > @CorsAllowOrigins( "origin1.", ... "originN" ) > @CorsAllowMethods( "meth1" ... "methn" ) > @CorsExposeMethods( ... ) > @CorsMaxAge(integer) > @CorsAllowCredentials(boolean) > > and make the filter look for them on resources and classes in the usual way. > > Any objections? Can we collapse it all into a single annotation but with many properties ? @Cors(origins = "...", methods = "a b c" allowCredentials = true ) I'd prefer if possible to avoid the explosion of annotations. Re @CorsAllowMethods( "meth1" ... "methn" ) (or methods = "a b") - is it HTTP methods ? Then how it work on a method annotated with say @POST ? May be it should be a single method value only ? Re CorsAllowOrigins, is it relative URIs ? We'd probably need to think of introducing properties such as absolute.uri, etc, to be reused by other annotation such as SchemaLocation & XMLInstruction Thanks, Sergey