On 01/12/11 14:01, Benson Margulies wrote:
I've created org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter,
which is gradually learning to pass all the tests I'm figuring out to
write. It is a complete implementation of the spec AFAICT.
Thanks Benson for doing it :-)
Cheers, Sergey
On Sat, Nov 12, 2011 at 2:35 AM, K Fung<[email protected]> wrote:
Hello,
Are there any plans to expand this code so that covers both 5.1 and 5.2 of
the CORS specification (http://www.w3.org/TR/cors?) In particular,
- Not blocking the request of it's an OPTIONS request but doesn't contain
the Origin header
- What if the request doesn't contain OPTIONS but does contain the Origin
header (section 5.1 of the spec)
- Adding support for Access-Control-Allow-Credentials (section 5.2 of the
spec, step 7)
- Adding support for Access-Control-Max-Age (section 5.2 of the spec, step
8)
Cheers,
kl
