In Apache Tuscany, I have implemented CORS in the REST binding that uses Wink under the covers... If you want to use that it might be quicker for you...
Otherwise i would have to take a look on best way to inplement in Wink directly in a flexible way. Please let me know ... On Monday, July 7, 2014, Lars-Fredrik Smedberg <[email protected]> wrote: > Hi! > > For a more in-depth explanation of CORS see http://www.w3.org/TR/cors/ > > For the simple scenario described in 6.1 of the w3c document you could > either implement it as a Wink or as a Servlet Filter, I would guess a > Servlet filter would be easier. > > The simplest case implemented as a Servlet filter could look like: > > 1. In the doFilter check if the request contains the "Origin" header, if > not => send e.g. http status 403 > 2. Then check if the value of the "Origin" header corresponds to a value > in a whitelist, if not => send e.g. http status 403 > 3. Add a response header called "Access-Control-Allow-Origin" bouncing the > value found in the "Origin" header > 4. Process the next filter/servlet in the filter chain > > Regards > Lars-Fredrik Smedberg > > > > On Sat, Jul 5, 2014 at 8:42 PM, DK <[email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>> wrote: > >> I need to enable CORS support for my REST API? >> >> I assume I need to use Apache Wink HandlersFactory and ResponseHandler? >> Any >> examples? >> >> >> >> -- >> View this message in context: >> http://apache-wink-users.3471013.n2.nabble.com/CORs-support-in-JEE6-JAX-RS-tp7572806.html >> Sent from the Apache Wink Users mailing list archive at Nabble.com. >> > > > > -- > Med vänlig hälsning / Best regards > > Lars-Fredrik Smedberg > > STATEMENT OF CONFIDENTIALITY: > The information contained in this electronic message and any > attachments to this message are intended for the exclusive use of the > address(es) and may contain confidential or privileged information. If > you are not the intended recipient, please notify Lars-Fredrik Smedberg > immediately at [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>, and destroy all > copies of this > message and any attachments. > -- Sent from my Mobile device
