You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@activemq.apache.org by ch...@apache.org on 2012/04/18 14:33:36 UTC

svn commit: r1327478 - /activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/web/AllowAnyOriginFilter.scala

Author: chirino
Date: Wed Apr 18 12:33:36 2012
New Revision: 1327478

URL: http://svn.apache.org/viewvc?rev=1327478&view=rev
Log:
Fixes APLO-188: Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to CORS requests

Modified:
    activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/web/AllowAnyOriginFilter.scala

Modified: activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/web/AllowAnyOriginFilter.scala
URL: http://svn.apache.org/viewvc/activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/web/AllowAnyOriginFilter.scala?rev=1327478&r1=1327477&r2=1327478&view=diff
==============================================================================
--- activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/web/AllowAnyOriginFilter.scala (original)
+++ activemq/activemq-apollo/trunk/apollo-broker/src/main/scala/org/apache/activemq/apollo/broker/web/AllowAnyOriginFilter.scala Wed Apr 18 12:33:36 2012
@@ -18,6 +18,7 @@ package org.apache.activemq.apollo.broke
 
 import javax.servlet._
 import http.{HttpServletRequest, HttpServletResponse}
+import java.util.concurrent.TimeUnit._
 
 /**
  * Servlet filter which adds a 'Access-Control-Allow-Origin: *' HTTP header
@@ -33,11 +34,22 @@ class AllowAnyOriginFilter(val allowed:S
   override def doFilter(request: ServletRequest, response: ServletResponse, chain: FilterChain) = {
     response match {
       case response: HttpServletResponse =>
+        val req = request.asInstanceOf[HttpServletRequest]
         if( allow_any ) {
+          if ( req.getMethod == "OPTIONS" ) {
+            response.addHeader("Access-Control-Request-Method", "GET, POST, PUT, DELETE");
+            response.addHeader("Access-Control-Request-Headers", "");
+            response.addHeader("Access-Control-Max-Age", ""+DAYS.toSeconds(1));
+          }
           response.addHeader("Access-Control-Allow-Origin", "*");
         } else {
           for( origin <- Option(request.asInstanceOf[HttpServletRequest].getHeader("Origin")) ) {
             if ( allowed.contains(origin) ) {
+              if ( req.getMethod == "OPTIONS" ) {
+                response.addHeader("Access-Control-Request-Method", "GET, POST, PUT, DELETE");
+                response.addHeader("Access-Control-Request-Headers", "");
+                response.addHeader("Access-Control-Max-Age", ""+DAYS.toSeconds(1));
+              }
               response.addHeader("Access-Control-Allow-Origin", origin);
             }
           }