From a1c45dd9993558fb0153e1f26675ca278b384d14 Mon Sep 17 00:00:00 2001
From: rfeng
Date: Mon, 9 Apr 2012 21:03:14 +0000
Subject: Enhance the CORS processor to set the default values based on the request headers

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1311440 13f79535-47bb-0310-9956-ffa450edef68
---
.../sca/common/http/cors/CORSHeaderProcessor.java | 64 ++++++++++++++--------
1 file changed, 42 insertions(+), 22 deletions(-)
(limited to 'sca-java-2.x/trunk/modules/common-http')
diff --git a/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java b/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
index 644800c5dc..ffb92f520f 100644
--- a/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
+++ b/sca-java-2.x/trunk/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java
@@ -26,34 +26,54 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class CORSHeaderProcessor { - public static void processCORS(CORSConfiguration config, HttpServletRequest request, HttpServletResponse response) throws IOException { - - if(config == null) { - response.setHeader("Access-Control-Allow-Origin", "*"); - response.setHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type"); - if (request.getMethod().equals("OPTIONS")) { - response.setHeader("Access-Control-Allow-Methods", "OPTIONS, HEAD, GET, POST, PUT, DELETE"); + public static void processCORS(CORSConfiguration config, HttpServletRequest request, HttpServletResponse response) + throws IOException { + + if (config == null) { + String allowHeaders = request.getHeader("Access-Control-Request-Headers"); + if (allowHeaders == null) { + allowHeaders = "Content-Type, Accept, Origin, X-Requested-With"; + } + String allowMethods = request.getHeader("Access-Control-Request-Method"); + if (allowMethods == null) { + allowHeaders = "OPTIONS, HEAD, GET, POST, PUT, DELETE"; + } + + String allowOrigins = request.getHeader("Origin"); + if (allowOrigins == null) { + allowOrigins = "*"; + } + + response.setHeader("Access-Control-Allow-Origin", allowOrigins); + response.setHeader("Access-Control-Allow-Headers", allowHeaders); + response.setHeader("Access-Control-Allow-Credentials", "true"); + if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { + response.setHeader("Access-Control-Allow-Methods", allowMethods); response.setHeader("Access-Control-Max-Age", "1728000"); } return; } - - if(config.allowCredentials) { - response.setHeader("Access-Control-Allow-Credentials", Boolean.toString(config.isAllowCredentials())); + + if (config.isAllowCredentials()) { + response.setHeader("Access-Control-Allow-Credentials", "true"); } - if(config.getMaxAge() > 0) { + if (config.getMaxAge() > 0) { response.setHeader("Access-Control-Max-Age", 
Integer.toString(config.getMaxAge())); } - - response.setHeader("Access-Control-Allow-Origin", getAllowOrigins(config)); + + response.setHeader("Access-Control-Allow-Origin", getAllowOrigins(config, request)); response.setHeader("Access-Control-Allow-Methods", getAllowMethods(config)); response.setHeader("Access-Control-Allow-Headers", getAllowHeaders(config)); response.setHeader("Access-Control-Expose-Headers", getExposeHeaders(config)); } - - private static String getAllowOrigins(CORSConfiguration config) { - return getListValues(config.getAllowOrigins(), "*"); + + private static String getAllowOrigins(CORSConfiguration config, HttpServletRequest request) { + String allowOrigins = request.getHeader("Origin"); + if (allowOrigins == null) { + allowOrigins = "*"; + } + return getListValues(config.getAllowOrigins(), allowOrigins); } private static String getAllowMethods(CORSConfiguration config) { @@ -61,24 +81,24 @@ public class CORSHeaderProcessor { } private static String getAllowHeaders(CORSConfiguration config) { - return getListValues(config.getAllowHeaders(), "X-Requested-With, Content-Type"); + return getListValues(config.getAllowHeaders(), "X-Requested-With, Content-Type, Accept, Origin"); } - + private static String getExposeHeaders(CORSConfiguration config) { return getListValues(config.getExposeHeaders(), "X-Requested-With, Content-Type"); } - + private static String getListValues(List list, String defaultValue) { StringBuffer values = new StringBuffer(); - if(list != null && list.isEmpty() == false) { - for(String value : list) { + if (list != null && list.isEmpty() == false) { + for (String value : list) { values.append(value).append(","); } values.deleteCharAt(values.length()); } else { values.append(defaultValue); } - + return values.toString(); } } -- cgit v1.2.3
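Review bot: In the `config == null` branch of `processCORS` the request's `Origin` is echoed into `Access-Control-Allow-Origin` while `Access-Control-Allow-Credentials` is set to `true` unconditionally, so an endpoint with no CORS configuration allows credentialed cross-origin reads from every origin. The unconfigured default should stay non-credentialed: drop the `response.setHeader("Access-Control-Allow-Credentials", "true");` line from that branch and leave credentialed access to an explicit `CORSConfiguration` whose origin list is compared with `Origin`; `getAllowOrigins(config, request)` falls back to the same reflection when the configured list is empty. Because the header value now depends on the request, the response should also carry `response.addHeader("Vary", "Origin");` so a shared cache does not replay one origin's headers to another. Separately, the `allowMethods == null` block assigns to `allowHeaders`, which overwrites the header list and passes a null `allowMethods` to `setHeader` on preflight; it should read `allowMethods = "OPTIONS, HEAD, GET, POST, PUT, DELETE";`.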
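Review bot: `values.deleteCharAt(values.length())` in `getListValues` indexes one past the end of the buffer, so any non-empty configured list throws `StringIndexOutOfBoundsException` instead of returning the joined value; this commit reformats the neighbouring lines but keeps the call as it was. The line should be `values.deleteCharAt(values.length() - 1);`. Once that path works, note that `Access-Control-Allow-Origin` carries a single origin or `*`, so the comma-joined result that `getAllowOrigins` (previous hunk) takes from this helper will not be accepted by browsers when more than one origin is configured. Returning only the configured entry that equals the request `Origin` would be needed there.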