From 22301fc15dac5aea85b01125d5fd59d25a951989 Mon Sep 17 00:00:00 2001 From: Colin Adams Date: Tue, 18 Nov 2014 16:02:10 +0000 Subject: [PATCH] issue #149 (Simple CORS support for GET requests in policy-driven framework) --- library/server/wsf/policy_driven/wsf_get_helper.e | 3 +++ .../server/wsf/policy_driven/wsf_skeleton_handler.e | 13 ++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/library/server/wsf/policy_driven/wsf_get_helper.e b/library/server/wsf/policy_driven/wsf_get_helper.e index 96d4b144..91b37dac 100644 --- a/library/server/wsf/policy_driven/wsf_get_helper.e +++ b/library/server/wsf/policy_driven/wsf_get_helper.e @@ -53,6 +53,9 @@ feature {NONE} -- Implementation l_dt := (create {HTTP_DATE}.make_from_date_time (l_last_modified)).rfc1123_string a_header.put_header_key_value ({HTTP_HEADER_NAMES}.header_last_modified, l_dt) end + if attached a_handler.allowed_cross_origins (req) as l_cors then + a_header.put_header_key_value ({HTTP_HEADER_NAMES}.header_access_control_allow_origin, l_cors) + end res.put_header_text (a_header.string) if l_ok then if l_chunked then diff --git a/library/server/wsf/policy_driven/wsf_skeleton_handler.e b/library/server/wsf/policy_driven/wsf_skeleton_handler.e index a094cf3c..56c7c73b 100644 --- a/library/server/wsf/policy_driven/wsf_skeleton_handler.e +++ b/library/server/wsf/policy_driven/wsf_skeleton_handler.e @@ -146,6 +146,17 @@ feature -- Access Result := True -- redefine to return `False', so as to induce a Vary: * header end + + allowed_cross_origins (req: WSF_REQUEST): detachable STRING + -- Value for Access-Control-Allow-Origin header; + -- If supplied, should be a single URI, or the values "*" or "null". + -- This is currently supported only for GET requests, and POSTs that functions as GET. + note + EIS: "name=specification", "protocol=URI", "src=http://www.w3.org/TR/cors/#http-access-control-allow-origin" + require + req_attached: req /= Void + deferred + end matching_etag (req: WSF_REQUEST; a_etag: READABLE_STRING_32; a_strong: BOOLEAN): BOOLEAN -- Is `a_etag' a match for resource requested in `req'? @@ -171,7 +182,7 @@ feature -- Access -- When representation of resource selected in `req' was last modified; -- SHOULD be set whenever it can reasonably be determined. note - specification: "https://tools.ietf.org/html/rfc7232#section-2.2.1" + EIS: "name=specification", "protocol=URI", "src=https://tools.ietf.org/html/rfc7232#section-2.2.1" require req_attached: req /= Void deferred