CORS Support in Sling

[Chetan Mehrotra <ch...@gmail.com>]

For one of our web applications we require CORS [1] support in Sling.
Looking at the requirements for CORS I think it would be best
fulfilled by a simple servlet filter. Currently there is one
implementation for Java [2] which provides such a filter.

Any suggestions on how it should be implemented keeping in mind the
Sling design? One possible way is to capture CORS related rules as
content data in repository like we do for mapping url. The rules can
be captured in same way as it is being done in AWS [4]. Also the code
can be part of Sling Security bundle (which has CSRF filter) or can be
part of new bundle

Thoughts?

Chetan Mehrotra

[1] http://www.w3.org/TR/cors/
[2] https://github.com/LuisSala/CORS-Java-Servlet-Filter
[3] https://github.com/apache/sling/tree/trunk/contrib/extensions/security
[4] http://docs.amazonwebservices.com/AmazonS3/latest/dev/cors.html

Re: CORS Support in Sling

[Chetan Mehrotra <ch...@gmail.com>]

Thanks Justin for the pointers would have a look at them. Having
access information closer to resource being accessed would be good.

Chetan Mehrotra


On Wed, Oct 31, 2012 at 6:46 PM, Justin Edelson
<ju...@justinedelson.com> wrote:
> Hi Chetan,
> The way I've imagined this working is via properties set on the
> resource type resource. I did something similar in a POC of rules for
> selector/extension/suffixes:
> http://svn.apache.org/repos/asf/sling/trunk/samples/urlfilter/src/main/java/org/apache/sling/samples/urlfilter/impl/UrlFilter.java
>
> Justin
>
> On Wed, Oct 31, 2012 at 12:19 AM, Chetan Mehrotra
> <ch...@gmail.com> wrote:
>> For one of our web applications we require CORS [1] support in Sling.
>> Looking at the requirements for CORS I think it would be best
>> fulfilled by a simple servlet filter. Currently there is one
>> implementation for Java [2] which provides such a filter.
>>
>> Any suggestions on how it should be implemented keeping in mind the
>> Sling design? One possible way is to capture CORS related rules as
>> content data in repository like we do for mapping url. The rules can
>> be captured in same way as it is being done in AWS [4]. Also the code
>> can be part of Sling Security bundle (which has CSRF filter) or can be
>> part of new bundle
>>
>> Thoughts?
>>
>> Chetan Mehrotra
>>
>> [1] http://www.w3.org/TR/cors/
>> [2] https://github.com/LuisSala/CORS-Java-Servlet-Filter
>> [3] https://github.com/apache/sling/tree/trunk/contrib/extensions/security
>> [4] http://docs.amazonwebservices.com/AmazonS3/latest/dev/cors.html

Re: CORS Support in Sling

[Justin Edelson <ju...@justinedelson.com>]

Hi Chetan,
The way I've imagined this working is via properties set on the
resource type resource. I did something similar in a POC of rules for
selector/extension/suffixes:
http://svn.apache.org/repos/asf/sling/trunk/samples/urlfilter/src/main/java/org/apache/sling/samples/urlfilter/impl/UrlFilter.java

Justin

On Wed, Oct 31, 2012 at 12:19 AM, Chetan Mehrotra
<ch...@gmail.com> wrote:
> For one of our web applications we require CORS [1] support in Sling.
> Looking at the requirements for CORS I think it would be best
> fulfilled by a simple servlet filter. Currently there is one
> implementation for Java [2] which provides such a filter.
>
> Any suggestions on how it should be implemented keeping in mind the
> Sling design? One possible way is to capture CORS related rules as
> content data in repository like we do for mapping url. The rules can
> be captured in same way as it is being done in AWS [4]. Also the code
> can be part of Sling Security bundle (which has CSRF filter) or can be
> part of new bundle
>
> Thoughts?
>
> Chetan Mehrotra
>
> [1] http://www.w3.org/TR/cors/
> [2] https://github.com/LuisSala/CORS-Java-Servlet-Filter
> [3] https://github.com/apache/sling/tree/trunk/contrib/extensions/security
> [4] http://docs.amazonwebservices.com/AmazonS3/latest/dev/cors.html