issue #149 (Simple CORS support for GET requests in policy-driven framework)

library/server/wsf/policy_driven/wsf_get_helper.e

@@ -53,6 +53,9 @@ feature {NONE} -- Implementation
 				l_dt := (create {HTTP_DATE}.make_from_date_time (l_last_modified)).rfc1123_string
 				a_header.put_header_key_value ({HTTP_HEADER_NAMES}.header_last_modified, l_dt)
 			end
+			if attached a_handler.allowed_cross_origins (req) as l_cors then
+				a_header.put_header_key_value ({HTTP_HEADER_NAMES}.header_access_control_allow_origin, l_cors)
+			end
 			res.put_header_text (a_header.string)
 			if l_ok then
 				if l_chunked then

library/server/wsf/policy_driven/wsf_skeleton_handler.e

@@ -147,6 +147,17 @@ feature -- Access
 			-- redefine to return `False', so as to induce a Vary: * header
 		end
 	
+	allowed_cross_origins (req: WSF_REQUEST): detachable STRING
+			-- Value for Access-Control-Allow-Origin header;
+			-- If supplied, should be a single URI, or the values "*" or "null".
+			-- This is currently supported only for GET requests, and POSTs that functions as GET.
+		note
+			EIS: "name=specification", "protocol=URI", "src=http://www.w3.org/TR/cors/#http-access-control-allow-origin"
+		require
+			req_attached: req /= Void
+		deferred
+		end
+
 	matching_etag (req: WSF_REQUEST; a_etag: READABLE_STRING_32; a_strong: BOOLEAN): BOOLEAN
 			-- Is `a_etag' a match for resource requested in `req'?
 			-- If `a_strong' then the strong comparison function must be used.
@@ -171,7 +182,7 @@ feature -- Access
 			-- When representation of resource selected in `req' was last modified;
 			-- SHOULD be set whenever it can reasonably be determined.
 		note
-			specification: "https://tools.ietf.org/html/rfc7232#section-2.2.1"
+			EIS: "name=specification", "protocol=URI", "src=https://tools.ietf.org/html/rfc7232#section-2.2.1"
 		require
 			req_attached: req /= Void
 		deferred