Henry, André, this is a first changeset to enable credentialled CORS support, and fixing the handling of the "secure" property in these classes. I'm planning to do a bit more
a) output a warning when a CORS request fails (similar to what we have with crossdomain request in Flash) b) Use the secureport value when detecting a CORS request. But I have a question on that: What should happen if the user specifices the port as part of the @src attribute on the dataset, and doesn't set the secureport property? Raju Change raju-20110502-REe by [email protected] on 2011-05-02 14:00:46 CEST in /Users/raju/src/svn/openlaszlo/cors for http://svn.openlaszlo.org/openlaszlo/trunk Summary: Add CORS support (including credentialled requests) to the LFC data classes New Features: Support credentialled cross-origin resource sharing requests. Bugs Fixed: LPP-9922,LPP-9923 Technical Reviewer: [email protected],[email protected] QA Reviewer: (pending) Doc Reviewer: (pending) Documentation: New attribute @credentialled is documented on the dataset tag. Release Notes: Datasets in DHTML runtime support cross-origin resource sharing requests with credentials and cookies now. Overview: Add support for credentialled cross-origin resource sharing requests by setting the property 'withCredentials' on the XHR object to 'true'. Details: LzDataset.lzs: * property credentialled added to dataset. The value of this property will be used for the XHR.withCredentials property when loading the data. LzHTTPDataProvider.lzs * method makeLoader: set the credentialled value on the LzHTTPLoader object. * method makeLoader: remove unnecessary check if (secure == null) {, when setting the secure value on the LzHTTPLoader object. LzHTTPDataRequest.lzs * property credentialled added. * method set LzHTTPLoader.js * add properties iscors and credentialled. * method LzHTTPLoader.prototype.setCredentialled added. * method LzHTTPLoader.prototype.checkIfCORS added. Used to check if a request is a CORS request based on domain/host and port of the request. LzHTTPLoader.as * property credentialled added. * setter method setCredentialled added. Tests: LZX test file added test/data/dhtml-cross-origin-dataset.lzx. The test relies on a test webapp application running on http://localhost:9000/cors. The source code with a Maven pom file for running the webapp in Jetty can be downloaded here: https://github.com/raju-bitter/openlaszlo-cors-test After downloading the files, go into the folder openlaszlo-cors-test and execute mvn jetty:run Maven will download all dependencies, and launch the Jetty server on port 9000. If you navigate your browser to http://localhost:9000/cors you can find some information on the test application and the URLs used. Files: A test/data/dhtml-cross-origin-dataset.lzx M WEB-INF/lps/lfc/kernel/dhtml/LzHTTPLoader.js M WEB-INF/lps/lfc/kernel/swf9/LzHTTPLoader.as M WEB-INF/lps/lfc/data/LzHTTPDataRequest.lzs M WEB-INF/lps/lfc/data/LzHTTPDataProvider.lzs M WEB-INF/lps/lfc/data/LzDataset.lzs M build.properties Changeset: http://svn.openlaszlo.org/openlaszlo/patches/raju-20110502-REe.tar
