You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lens.apache.org by "Rajat Khandelwal (JIRA)" <ji...@apache.org> on 2015/06/23 14:23:00 UTC

[jira] [Commented] (LENS-594) Cross origin resource sharing in LENS

    [ https://issues.apache.org/jira/browse/LENS-594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14597569#comment-14597569 ] 

Rajat Khandelwal commented on LENS-594:
---------------------------------------

Hi [~balaknathan] I'm assigning it to you. Please provide a patch. 

> Cross origin resource sharing in LENS
> -------------------------------------
>
>                 Key: LENS-594
>                 URL: https://issues.apache.org/jira/browse/LENS-594
>             Project: Apache Lens
>          Issue Type: Task
>          Components: server
>            Reporter: Bala Nathan
>
> This is a tracking ticket to support CORS in lens. Lens currently does not have support for CORS (cross origin resource sharing). CORS is needed when the API and frontend run on different subdomains/different ports (i.e cross origin). Currently, I think the frontend service and API that the frontend uses run on port 1999 and hence this is not a problem. However, if one needs to isolate the frontend and API's to be running on different hosts, this would need to be supported. Here's some more info on CORS: http://www.staticapps.org/articles/cross-domain-requests-with-cors 
> Essentially, what we need to do is to allow the following response headers to be returned by the server :
> Access-Control-Allow-Origin: As described above, this needs to be either the origin of the request or *.
> Access-Control-Allow-Methods: This is a comma-separated list of the HTTP methods that are allowed, for example POST, PUT, OPTIONS.
> Access-Control-Allow-Headers: A comma-separated list of allowable custom request headers, for example AUTHORIZATION, X-CLIENT-ID, X-CLIENT_SECRET.
> As a proof of concept, I have added a CORSResponseFilter (similar to the authentication filter) that adds the above to the response header and I find it to be resolving the problem. Ideally, we would like these response headers to be configurable as part of lens conf (lens-site.xml) with the default behaviour assuming frontend and API can both run on same host. 
> Bala



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)