You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Benson Margulies <bi...@gmail.com> on 2011/12/01 15:01:12 UTC
Re: CORS
I've created org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter,
which is gradually learning to pass all the tests I'm figuring out to
write. It is a complete implementation of the spec AFAICT.
On Sat, Nov 12, 2011 at 2:35 AM, K Fung <kf...@gmail.com> wrote:
> Hello,
>
> Are there any plans to expand this code so that covers both 5.1 and 5.2 of
> the CORS specification (http://www.w3.org/TR/cors?) In particular,
>
> - Not blocking the request of it's an OPTIONS request but doesn't contain
> the Origin header
> - What if the request doesn't contain OPTIONS but does contain the Origin
> header (section 5.1 of the spec)
> - Adding support for Access-Control-Allow-Credentials (section 5.2 of the
> spec, step 7)
> - Adding support for Access-Control-Max-Age (section 5.2 of the spec, step
> 8)
>
> Cheers,
> kl
Re: CORS
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 01/12/11 14:01, Benson Margulies wrote:
> I've created org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter,
> which is gradually learning to pass all the tests I'm figuring out to
> write. It is a complete implementation of the spec AFAICT.
Thanks Benson for doing it :-)
Cheers, Sergey
>
> On Sat, Nov 12, 2011 at 2:35 AM, K Fung<kf...@gmail.com> wrote:
>> Hello,
>>
>> Are there any plans to expand this code so that covers both 5.1 and 5.2 of
>> the CORS specification (http://www.w3.org/TR/cors?) In particular,
>>
>> - Not blocking the request of it's an OPTIONS request but doesn't contain
>> the Origin header
>> - What if the request doesn't contain OPTIONS but does contain the Origin
>> header (section 5.1 of the spec)
>> - Adding support for Access-Control-Allow-Credentials (section 5.2 of the
>> spec, step 7)
>> - Adding support for Access-Control-Max-Age (section 5.2 of the spec, step
>> 8)
>>
>> Cheers,
>> kl