[jira] [Created] (LENS-594) Cross origin resource sharing in LENS

["Bala Nathan (JIRA)" <ji...@apache.org>]

Bala Nathan created LENS-594:
--------------------------------

             Summary: Cross origin resource sharing in LENS
                 Key: LENS-594
                 URL: https://issues.apache.org/jira/browse/LENS-594
             Project: Apache Lens
          Issue Type: Task
          Components: server
            Reporter: Bala Nathan


This is a tracking ticket to support CORS in lens. Lens currently does not have support for CORS (cross origin resource sharing). CORS is needed when the API and frontend run on different subdomains/different ports (i.e cross origin). Currently, I think the frontend service and API that the frontend uses run on port 1999 and hence this is not a problem. However, if one needs to isolate the frontend and API's to be running on different hosts, this would need to be supported. Here's some more info on CORS: http://www.staticapps.org/articles/cross-domain-requests-with-cors 

Essentially, what we need to do is to allow the following response headers to be returned by the server :

Access-Control-Allow-Origin: As described above, this needs to be either the origin of the request or *.

Access-Control-Allow-Methods: This is a comma-separated list of the HTTP methods that are allowed, for example POST, PUT, OPTIONS.

Access-Control-Allow-Headers: A comma-separated list of allowable custom request headers, for example AUTHORIZATION, X-CLIENT-ID, X-CLIENT_SECRET.

As a proof of concept, I have added a CORSResponseFilter (similar to the authentication filter) that adds the above to the response header and I find it to be resolving the problem. Ideally, we would like these response headers to be configurable as part of lens conf (lens-site.xml) with the default behaviour assuming frontend and API can both run on same host. 

Bala



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)