Thanks a lot, Henry. I removed the debug statements I had added for testing.
On May 4, 2011, at 1:18 AM, Henry Minsky wrote: > approved ! > > need to remove those debug statements or conditionalize them to some debug > log level > > > > On Tue, May 3, 2011 at 2:51 PM, Raju <[email protected]> wrote: > I've added a fix for LPP-9917 as well (show a warning when a CORS request > fails). > > Raju > ------ > > Change raju-20110502-REe by [email protected] on 2011-05-02 14:00:46 CEST > in /Users/raju/src/svn/openlaszlo/cors > for http://svn.openlaszlo.org/openlaszlo/trunk > > Summary: Add CORS support (including credentialled requests) to the LFC data > classes. > > New Features: > Add cross-origin resource sharing (CORS) support for LzHTTPLoader.js (DHTML) > Support credentialled cross-origin resource sharing requests. > Show warning message for failed CORS requests in the DHTML runtime. > > Bugs Fixed: LPP-9922,LPP-9923,LPP-9917 > > Technical Reviewer: [email protected],[email protected] > QA Reviewer: (pending) > Doc Reviewer: (pending) > > Documentation: > New attribute @credentialled is documented on the dataset tag. > > Release Notes: > Datasets in DHTML runtime support cross-origin resource sharing requests with > credentials and cookies now. If a CORS request fails, a warning message will > be displayed in the Laszlo Debug window. > > Overview: > Full support for cross-origin resource sharing requests (SOLO, unproxied) in > the DHTML runtime. If a CORS request fails without delivering a response > status code, a warning message will be shown, e.g. "WARNING: Cross-domain > data request to localhost with URL > http://localhost:9000/cors/corstest/wrongOrigin failed. Make sure that your > server is configured for cross-origin resource sharing." > > Details: > LzDataset.lzs: > * property credentialled added to dataset. The value of this property will be > used for the XHR.withCredentials property when loading the data. > > LzHTTPDataProvider.lzs > * method makeLoader: set the credentialled value on the LzHTTPLoader object. > * method makeLoader: remove unnecessary check if (secure == null) {, when > setting the secure value on the LzHTTPLoader object. > > LzHTTPDataRequest.lzs > * property credentialled added. > * method set > > LzHTTPLoader.js > * add properties iscors and credentialled. > * method LzHTTPLoader.prototype.setCredentialled added. > * method LzHTTPLoader.prototype.checkIfCORS added. Used to check if a request > is a CORS request based on domain/host and port of the request. > * show warning message within the onreadystatechange handler, when a CORS > request fails. > > LzHTTPLoader.as > * property credentialled added. > * setter method setCredentialled added. > > Tests: > LZX test file added test/data/dhtml-cross-origin-dataset.lzx. The test relies > on a test webapp application running on http://localhost:9000/cors. The > source code with a Maven pom file for running the webapp in Jetty can be > downloaded here: > https://github.com/raju-bitter/openlaszlo-cors-test > > After downloading the files, go into the folder openlaszlo-cors-test and > execute > mvn jetty:run > > Maven will download all dependencies, and launch the Jetty server on port > 9000. Open the LZX test file test/data/dhtml-cross-origin-dataset.lzx using > the DHTML runtime, and execute the following actions: > > 1) Clear all browser cookies > > 2) Click on button "CORS POST / Access-Control-Allow-Origin mismatch". You > should the following warnings/errors in the debug window: > WARNING: Cross-domain data request to localhost with URL > http://localhost:9000/cors/corstest/wrongOrigin failed. Make sure that your > server is configured for cross-origin resource sharing. > ERROR: wrongOriginDS.onerror > > 3) Click on button "CORS POST / withCredentials=true". This will set the > cookie with the name "coorscookie" in the browser. > > 4) Click on button "CORS POST / withCredentials=true". > You should now see the cookie "corscookie" in the list of request cookies > next to the buttons, e.g. > corscookie = CORS cookie is set at 5/3/11 8:44 > > 5) Click on button "CORS POST / withCredentials=false" > The client will not send the "coorscokie" or any other cookie back to the > server > > Files: > A test/data/dhtml-cross-origin-dataset.lzx > M WEB-INF/lps/lfc/kernel/dhtml/LzHTTPLoader.js > M WEB-INF/lps/lfc/kernel/swf9/LzHTTPLoader.as > M WEB-INF/lps/lfc/data/LzHTTPDataRequest.lzs > M WEB-INF/lps/lfc/data/LzHTTPDataProvider.lzs > M WEB-INF/lps/lfc/data/LzDataset.lzs > > Changeset: http://svn.openlaszlo.org/openlaszlo/patches/raju-20110502-REe.tar > > > > -- > Henry Minsky > Software Architect > [email protected] > >
