You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by li...@inuus.com on 2010/05/05 02:56:30 UTC
Support Cross-Site Request Sharing in Shindig JSONP (issue1109041)
Reviewers: shindig.remailer_gmail.com,
Please review this at http://codereview.appspot.com/1109041/show
Affected files:
M
java/common/src/main/java/org/apache/shindig/common/servlet/HttpUtil.java
M
java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
M
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/RpcServlet.java
M
java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/RpcServletTest.java
Index:
java/common/src/main/java/org/apache/shindig/common/servlet/HttpUtil.java
diff --git
a/java/common/src/main/java/org/apache/shindig/common/servlet/HttpUtil.java
b/java/common/src/main/java/org/apache/shindig/common/servlet/HttpUtil.java
index
d60ac24b982c5be733468483bc2d9e6b65227ed8..dc29ab5142a10e6c592ee315795d90dba4d3ac5b
100644
---
a/java/common/src/main/java/org/apache/shindig/common/servlet/HttpUtil.java
+++
b/java/common/src/main/java/org/apache/shindig/common/servlet/HttpUtil.java
@@ -129,4 +129,8 @@ public class HttpUtil {
}
return true;
}
+
+ public static void setCORSheader(HttpServletResponse resp) {
+ resp.addHeader("Access-Control-Allow-Origin", "*");
+ }
}
\ No newline at end of file
Index:
java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
diff --git
a/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
b/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
index
f909391d25ce9ceb96e0fffd6814c8f16aeb219a..78c4e0a7913c5ad86643e23a755e3e653769c56e
100644
---
a/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
+++
b/java/common/src/main/java/org/apache/shindig/protocol/JsonRpcServlet.java
@@ -74,6 +74,7 @@ public class JsonRpcServlet extends ApiServlet {
throws IOException {
setCharacterEncodings(servletRequest, servletResponse);
servletResponse.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
+ HttpUtil.setCORSheader(servletResponse);
// only GET/POST
String method = servletRequest.getMethod();
Index:
java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/RpcServlet.java
diff --git
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/RpcServlet.java
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/RpcServlet.java
index
a855c0e543154fed52ed26db5b5667eb549c0c8c..9f0de05d1c4f2b8c033b3ac538ab7e838b38941e
100644
---
a/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/RpcServlet.java
+++
b/java/gadgets/src/main/java/org/apache/shindig/gadgets/servlet/RpcServlet.java
@@ -61,6 +61,7 @@ public class RpcServlet extends InjectedServlet {
String reqValue;
String callbackValue;
+ HttpUtil.setCORSheader(response);
try {
// Validate that JSONP request is good, bad callbacks throw an IAE
HttpUtil.isJSONP(request);
Index:
java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/RpcServletTest.java
diff --git
a/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/RpcServletTest.java
b/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/RpcServletTest.java
index
82092576beb1929a923786b3024761763d5ff759..fe9ee8c6705feeccf1a51191e02c099f07599221
100644
---
a/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/RpcServletTest.java
+++
b/java/gadgets/src/test/java/org/apache/shindig/gadgets/servlet/RpcServletTest.java
@@ -30,6 +30,7 @@ import java.io.PrintWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.shindig.common.servlet.HttpUtil;
import org.json.JSONException;
import org.json.JSONObject;
import org.junit.Assert;
@@ -143,6 +144,7 @@ public class RpcServletTest extends Assert {
if (contentType != null) {
result.setContentType(contentType);
}
+ HttpUtil.setCORSheader(result);
result.setStatus(httpStatusCode);
replay(result, writer);
return result;