Bala Nathan created LENS-594:
--------------------------------
Summary: Cross origin resource sharing in LENS
Key: LENS-594
URL: https://issues.apache.org/jira/browse/LENS-594
Project: Apache Lens
Issue Type: Task
Components: server
Reporter: Bala Nathan
This is a tracking ticket to support CORS in lens. Lens currently does not have
support for CORS (cross origin resource sharing). CORS is needed when the API
and frontend run on different subdomains/different ports (i.e cross origin).
Currently, I think the frontend service and API that the frontend uses run on
port 1999 and hence this is not a problem. However, if one needs to isolate the
frontend and API's to be running on different hosts, this would need to be
supported. Here's some more info on CORS:
http://www.staticapps.org/articles/cross-domain-requests-with-cors
Essentially, what we need to do is to allow the following response headers to
be returned by the server :
Access-Control-Allow-Origin: As described above, this needs to be either the
origin of the request or *.
Access-Control-Allow-Methods: This is a comma-separated list of the HTTP
methods that are allowed, for example POST, PUT, OPTIONS.
Access-Control-Allow-Headers: A comma-separated list of allowable custom
request headers, for example AUTHORIZATION, X-CLIENT-ID, X-CLIENT_SECRET.
As a proof of concept, I have added a CORSResponseFilter (similar to the
authentication filter) that adds the above to the response header and I find it
to be resolving the problem. Ideally, we would like these response headers to
be configurable as part of lens conf (lens-site.xml) with the default behaviour
assuming frontend and API can both run on same host.
Bala
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
