> On Oct. 1, 2013, 1:18 p.m., Rich Thompson wrote: > > I think the default should be the CORS support is included, but disabled > > until the security issues noted are addressed.
The security issues being the fact that the configuration in the web.xml is too open? - Ryan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/14406/#review26551 ----------------------------------------------------------- On Oct. 1, 2013, 2:25 a.m., Mike Pawlowski wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/14406/ > ----------------------------------------------------------- > > (Updated Oct. 1, 2013, 2:25 a.m.) > > > Review request for shindig. > > > Bugs: https://issues.apache.org/jira/browse/SHINDIG-1927 > > https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/SHINDIG-1927 > > > Repository: shindig > > > Description > ------- > > Attached a patch to implement full CORS support in Apache Shindig via the > open source CORS servlet filter: > > Name: CORS Filter > Version: 1.7.1 > Homepage: http://software.dzhuvinov.com/cors-filter.html > License(s): Apache License, Version 2.0 (License link is broken) > Downloaded From: http://search.maven.org/#browse%7C540685910 > Notes: N/A > > Name: Java Property Utility > Version: 1.9 > Homepage: http://software.dzhuvinov.com/cors-filter-installation.html > License(s): Apache License, Version 2.0 (License link is broken) > Downloaded From: http://search.maven.org/#browse%7C-89813813 > Notes: Required dependency for "CORS Filter" > > See JIRA issue for details: https://issues.apache.org/jira/browse/SHINDIG-1927 > > Please note that this patch relies on the patch attached to the following > JIRA issue: > Remove partial implementation of CORS support > https://issues.apache.org/jira/browse/SHINDIG-1934 > > > Diffs > ----- > > > http://svn.apache.org/repos/asf/shindig/trunk/java/server-resources/src/main/webapp/WEB-INF/web.xml > 1527855 > http://svn.apache.org/repos/asf/shindig/trunk/pom.xml 1527855 > > Diff: https://reviews.apache.org/r/14406/diff/ > > > Testing > ------- > > * Build was successful (except for a few unrelated build hiccups) > * Manual testing was successful > => Test environment: > - (I) Shindig server deployed as a stand alone app hosted on its own > domain; > - (II) Common container utilized by another app hosted on its own > domain > => Cross domain POST HTTP request was successful > - e.g. > http://localhost:9082/rpc?st=ownerId%3AviewerId%3Aappid%3Ashindig%3Aurl%3A0%3Adefault > > > Thanks, > > Mike Pawlowski > >
