diff options
author | rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68> | 2012-04-09 21:03:14 +0000 |
---|---|---|
committer | rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68> | 2012-04-09 21:03:14 +0000 |
commit | a1c45dd9993558fb0153e1f26675ca278b384d14 (patch) | |
tree | e81231deecfc552f81280f70d7a8aa7bd59bf00a /sca-java-2.x/trunk | |
parent | 10753b34f309db0fbcc484716bafff09faada6fd (diff) |
Enhance the CORS processor to set the default values based on the request headers
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1311440 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-java-2.x/trunk')
-rw-r--r-- | sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java | 64 |
1 files changed, 42 insertions, 22 deletions
diff --git a/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java b/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java index 644800c5dc..ffb92f520f 100644 --- a/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java +++ b/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java @@ -26,34 +26,54 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class CORSHeaderProcessor { - public static void processCORS(CORSConfiguration config, HttpServletRequest request, HttpServletResponse response) throws IOException { - - if(config == null) { - response.setHeader("Access-Control-Allow-Origin", "*"); - response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type"); - if (request.getMethod().equals("OPTIONS")) { - response.setHeader("Access-Control-Allow-Methods", "OPTIONS, HEAD, GET, POST, PUT, DELETE"); + public static void processCORS(CORSConfiguration config, HttpServletRequest request, HttpServletResponse response) + throws IOException { + + if (config == null) { + String allowHeaders = request.getHeader("Access-Control-Request-Headers"); + if (allowHeaders == null) { + allowHeaders = "Content-Type, Accept, Origin, X-Requested-With"; + } + String allowMethods = request.getHeader("Access-Control-Request-Method"); + if (allowMethods == null) { + allowHeaders = "OPTIONS, HEAD, GET, POST, PUT, DELETE"; + } + + String allowOrigins = request.getHeader("Origin"); + if (allowOrigins == null) { + allowOrigins = "*"; + } + + response.setHeader("Access-Control-Allow-Origin", allowOrigins); + response.setHeader("Access-Control-Allow-Headers", allowHeaders); + response.setHeader("Access-Control-Allow-Credentials", "true"); + if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { + response.setHeader("Access-Control-Allow-Methods", allowMethods); response.setHeader("Access-Control-Max-Age", "1728000"); } return; } - - if(config.allowCredentials) { - response.setHeader("Access-Control-Allow-Credentials", Boolean.toString(config.isAllowCredentials())); + + if (config.isAllowCredentials()) { + response.setHeader("Access-Control-Allow-Credentials", "true"); } - if(config.getMaxAge() > 0) { + if (config.getMaxAge() > 0) { response.setHeader("Access-Control-Max-Age", Integer.toString(config.getMaxAge())); } - - response.setHeader("Access-Control-Allow-Origin", getAllowOrigins(config)); + + response.setHeader("Access-Control-Allow-Origin", getAllowOrigins(config, request)); response.setHeader("Access-Control-Allow-Methods", getAllowMethods(config)); response.setHeader("Access-Control-Allow-Headers", getAllowHeaders(config)); response.setHeader("Access-Control-Expose-Headers", getExposeHeaders(config)); } - - private static String getAllowOrigins(CORSConfiguration config) { - return getListValues(config.getAllowOrigins(), "*"); + + private static String getAllowOrigins(CORSConfiguration config, HttpServletRequest request) { + String allowOrigins = request.getHeader("Origin"); + if (allowOrigins == null) { + allowOrigins = "*"; + } + return getListValues(config.getAllowOrigins(), allowOrigins); } private static String getAllowMethods(CORSConfiguration config) { @@ -61,24 +81,24 @@ public class CORSHeaderProcessor { } private static String getAllowHeaders(CORSConfiguration config) { - return getListValues(config.getAllowHeaders(), "X-Requested-With, Content-Type"); + return getListValues(config.getAllowHeaders(), "X-Requested-With, Content-Type, Accept, Origin"); } - + private static String getExposeHeaders(CORSConfiguration config) { return getListValues(config.getExposeHeaders(), "X-Requested-With, Content-Type"); } - + private static String getListValues(List<String> list, String defaultValue) { StringBuffer values = new StringBuffer(); - if(list != null && list.isEmpty() == false) { - for(String value : list) { + if (list != null && list.isEmpty() == false) { + for (String value : list) { values.append(value).append(","); } values.deleteCharAt(values.length()); } else { values.append(defaultValue); } - + return values.toString(); } } |