summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68>2012-04-09 21:03:14 +0000
committerrfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68>2012-04-09 21:03:14 +0000
commita1c45dd9993558fb0153e1f26675ca278b384d14 (patch)
treee81231deecfc552f81280f70d7a8aa7bd59bf00a
parent10753b34f309db0fbcc484716bafff09faada6fd (diff)
Enhance the CORS processor to set the default values based on the request headers
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1311440 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java64
1 files changed, 42 insertions, 22 deletions
diff --git a/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java b/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
index 644800c5dc..ffb92f520f 100644
--- a/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
+++ b/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
@@ -26,34 +26,54 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class CORSHeaderProcessor {
- public static void processCORS(CORSConfiguration config, HttpServletRequest request, HttpServletResponse response) throws IOException {
-
- if(config == null) {
- response.setHeader("Access-Control-Allow-Origin", "*");
- response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type");
- if (request.getMethod().equals("OPTIONS")) {
- response.setHeader("Access-Control-Allow-Methods", "OPTIONS, HEAD, GET, POST, PUT, DELETE");
+ public static void processCORS(CORSConfiguration config, HttpServletRequest request, HttpServletResponse response)
+ throws IOException {
+
+ if (config == null) {
+ String allowHeaders = request.getHeader("Access-Control-Request-Headers");
+ if (allowHeaders == null) {
+ allowHeaders = "Content-Type, Accept, Origin, X-Requested-With";
+ }
+ String allowMethods = request.getHeader("Access-Control-Request-Method");
+ if (allowMethods == null) {
+ allowHeaders = "OPTIONS, HEAD, GET, POST, PUT, DELETE";
+ }
+
+ String allowOrigins = request.getHeader("Origin");
+ if (allowOrigins == null) {
+ allowOrigins = "*";
+ }
+
+ response.setHeader("Access-Control-Allow-Origin", allowOrigins);
+ response.setHeader("Access-Control-Allow-Headers", allowHeaders);
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
+ response.setHeader("Access-Control-Allow-Methods", allowMethods);
response.setHeader("Access-Control-Max-Age", "1728000");
}
return;
}
-
- if(config.allowCredentials) {
- response.setHeader("Access-Control-Allow-Credentials", Boolean.toString(config.isAllowCredentials()));
+
+ if (config.isAllowCredentials()) {
+ response.setHeader("Access-Control-Allow-Credentials", "true");
}
- if(config.getMaxAge() > 0) {
+ if (config.getMaxAge() > 0) {
response.setHeader("Access-Control-Max-Age", Integer.toString(config.getMaxAge()));
}
-
- response.setHeader("Access-Control-Allow-Origin", getAllowOrigins(config));
+
+ response.setHeader("Access-Control-Allow-Origin", getAllowOrigins(config, request));
response.setHeader("Access-Control-Allow-Methods", getAllowMethods(config));
response.setHeader("Access-Control-Allow-Headers", getAllowHeaders(config));
response.setHeader("Access-Control-Expose-Headers", getExposeHeaders(config));
}
-
- private static String getAllowOrigins(CORSConfiguration config) {
- return getListValues(config.getAllowOrigins(), "*");
+
+ private static String getAllowOrigins(CORSConfiguration config, HttpServletRequest request) {
+ String allowOrigins = request.getHeader("Origin");
+ if (allowOrigins == null) {
+ allowOrigins = "*";
+ }
+ return getListValues(config.getAllowOrigins(), allowOrigins);
}
private static String getAllowMethods(CORSConfiguration config) {
@@ -61,24 +81,24 @@ public class CORSHeaderProcessor {
}
private static String getAllowHeaders(CORSConfiguration config) {
- return getListValues(config.getAllowHeaders(), "X-Requested-With, Content-Type");
+ return getListValues(config.getAllowHeaders(), "X-Requested-With, Content-Type, Accept, Origin");
}
-
+
private static String getExposeHeaders(CORSConfiguration config) {
return getListValues(config.getExposeHeaders(), "X-Requested-With, Content-Type");
}
-
+
private static String getListValues(List<String> list, String defaultValue) {
StringBuffer values = new StringBuffer();
- if(list != null && list.isEmpty() == false) {
- for(String value : list) {
+ if (list != null && list.isEmpty() == false) {
+ for (String value : list) {
values.append(value).append(",");
}
values.deleteCharAt(values.length());
} else {
values.append(defaultValue);
}
-
+
return values.toString();
}
}