Author: markt Date: Wed Jun 5 08:21:18 2013 New Revision: 1489738 URL: http://svn.apache.org/r1489738 Log: Documentation tweaks for CORS filter. Patch provided by Mohit Soni.
Modified: tomcat/trunk/webapps/docs/config/filter.xml Modified: tomcat/trunk/webapps/docs/config/filter.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1489738&r1=1489737&r2=1489738&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/filter.xml (original) +++ tomcat/trunk/webapps/docs/config/filter.xml Wed Jun 5 08:21:18 2013 @@ -112,51 +112,51 @@ <p>The minimal configuration required to use this filter is:</p> <source> <filter> - <filter-name>CORSFilter</filter-name> - <filter-class>org.apache.catalina.filters.CORSFilter</filter-class> + <filter-name>CorsFilter</filter-name> + <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> - <filter-name>CORSFilter</filter-name> + <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </source> </subsection> <subsection name="Filter Class Name"> <p>The filter class name for the CORS Filter is - <strong><code>org.apache.catalina.filters.CORSFilter</code></strong>.</p> + <strong><code>org.apache.catalina.filters.CorsFilter</code></strong>.</p> </subsection> <subsection name="Initialisation parameters"> <p>The CORS Filter supports following initialisation parameters:</p> <attributes> <attribute name="cors.allowed.origins" required="false"> <p>A list of <a href="http://tools.ietf.org/html/rfc6454">origins</a> - that are allowed to access the resource. A <code>'*'</code> can be + that are allowed to access the resource. A <code>*</code> can be specified to enable access to resource from any origin. Otherwise, a - whitelist of comma separated origins can be provided. Eg: - http://www.w3.org, https://www.apache.org. + whitelist of comma separated origins can be provided. Eg: <code> + http://www.w3.org, https://www.apache.org</code>. <strong>Defaults:</strong> <code>*</code> (Any origin is allowed to access the resource).</p> </attribute> <attribute name="cors.allowed.methods" required="false"> <p>A comma separated list of HTTP methods that can be used to access the resource, using cross-origin requests. These are the methods which will - also be included as part of 'Access-Control-Allow-Methods' header in a - pre-flight response. Eg: <code>GET,POST</code>. - <strong>Defaults:</strong> <code>GET,POST,HEAD,OPTIONS</code></p> + also be included as part of <code>Access-Control-Allow-Methods</code> + header in pre-flight response. Eg: <code>GET, POST</code>. + <strong>Defaults:</strong> <code>GET, POST, HEAD, OPTIONS</code></p> </attribute> <attribute name="cors.allowed.headers" required="false"> <p>A comma separated list of request headers that can be used when - making an actual request. These header will also be returned as part of - <code>'Access-Control-Allow-Headers'</code> header in a pre-flight + making an actual request. These headers will also be returned as part + of <code>Access-Control-Allow-Headers</code> header in a pre-flight response. Eg: <code>Origin,Accept</code>. <strong>Defaults:</strong> <code>Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers</code></p> </attribute> <attribute name="cors.exposed.headers" required="false"> - <p>A comma separated list of headers other than the simple response - headers that browsers are allowed to access. These are the headers which - will also be included as part of 'Access-Control-Expose-Headers' header - in the pre-flight response. Eg: + <p>A comma separated list of headers other than simple response headers + that browsers are allowed to access. These are the headers which will + also be included as part of <code>Access-Control-Expose-Headers</code> + header in the pre-flight response. Eg: <code>X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG</code>. <strong>Default:</strong> None. Non-simple headers are not exposed by default.</p> @@ -164,15 +164,15 @@ <attribute name="cors.preflight.maxage" required="false"> <p>The amount of seconds, browser is allowed to cache the result of the pre-flight request. This will be included as part of - <code>'Access-Control-Max-Age'</code> header in the pre-flight response. + <code>Access-Control-Max-Age</code> header in the pre-flight response. A negative value will prevent CORS Filter from adding this response - header from pre-flight response. <strong>Defaults:</strong> + header to pre-flight response. <strong>Defaults:</strong> <code>1800</code></p> </attribute> <attribute name="cors.support.credentials" required="false"> <p>A flag that indicates whether the resource supports user credentials. This flag is exposed as part of - <code>'Access-Control-Allow-Credentials'</code> header in a pre-flight + <code>Access-Control-Allow-Credentials</code> header in a pre-flight response. It helps browser determine whether or not an actual request can be made using credentials. <strong>Defaults:</strong> <code>true</code></p> @@ -187,8 +187,8 @@ defaults:</p> <source> <filter> - <filter-name>CORSFilter</filter-name> - <filter-class>org.apache.catalina.filters.CORSFilter</filter-class> + <filter-name>CorsFilter</filter-name> + <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> @@ -215,21 +215,21 @@ </init-param> </filter> <filter-mapping> - <filter-name>CORS Filter</filter-name> + <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </source> </subsection> <subsection name="CORS Filter and HttpServletRequest attributes"> - <p>CORS Filter adds information about a request, in the HttpServletRequest + <p>CORS Filter adds information about the request, in HttpServletRequest object, for consumption downstream. Following attributes are set, if <code>cors.request.decorate</code> initialisation parameter is <code>true</code>:</p> <ul> - <li><strong>cors.isCorsRequest:</strong> Flag to determine if a request is + <li><strong>cors.isCorsRequest:</strong> Flag to determine if request is a CORS request.</li> <li><strong>cors.request.origin:</strong> The Origin URL, i.e. the URL of - the page from where the request is originated.</li> + the page from where the request originated.</li> <li><strong>cors.request.type:</strong> Type of CORS request. Possible values: <ul> @@ -244,8 +244,9 @@ </ul> </li> <li><strong>cors.request.headers:</strong> Request headers sent as - 'Access-Control-Request-Headers' header, for a pre-flight request. - </li> + <code>Access-Control-Request-Headers</code> header, for a pre-flight + request. + </li> </ul> </subsection> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org