Hi,
On 12/11/11 07:35, K Fung wrote:
Hello,
Are there any plans to expand this code so that covers both 5.1 and 5.2 of
the CORS specification (http://www.w3.org/TR/cors?) In particular,
- Not blocking the request of it's an OPTIONS request but doesn't contain
the Origin header
agreed, a JAX-RS resource class may also contain an @OPTIONS handler,
so the in filter should not block if the resource method has also been
selected, so if
message.getExchange().get(OperationResourceInfo.class)
returns a non-null value then it should let the request to continue
- What if the request doesn't contain OPTIONS but does contain the Origin
header (section 5.1 of the spec)
- Adding support for Access-Control-Allow-Credentials (section 5.2 of the
spec, step 7)
- Adding support for Access-Control-Max-Age (section 5.2 of the spec, step
8)
Guess the support for the above can also added easily enough, good to
have so many CORS experts on the list :-)
Cheers, Sergey
Cheers,
kl
