[aerogear-dev] Cross Domain Support for Aerogear.js
Lucas Holmquist
lholmqui at redhat.com
Thu Dec 6 15:31:43 EST 2012
can also be seen here https://gist.github.com/4227377
This gist relates to AEROGEAR-534, https://issues.jboss.org/browse/AEROGEAR-534
I created a node.js server that handles CORS and jsonp for my testing
Cross Domain Support
To do cross domain request, i've modified aerogear.js a bit.
I've added a new settings variable, settings.crossdomain, that can be mixed. If set to true, it will default to CORS, to override to jsonp set settings.crossdomain.type = "jsonp"
var pipeline = AeroGear.Pipeline();
jsonp = pipeline.add( {
name: "jsonp",
settings: {
baseURL: "http://localhost:8080",
endpoint: "/",
crossdomain: {
type: "jsonp",
jsonp: "jsonp" //this is optional and will default to callback, jquery default
}
}
});
cors = pipeline.add( {
name: "cors",
settings: {
baseURL: "http://localhost:8080",
endpoint: "/",
crossdomain: true
}
});
If the user wants to use CORS, settings.crossdomain = true, but there browser doesn't support CORS, then AeroGear.Ajax will fallback to jsonp
CORS
since IE9 doesn't use the same thing as the rest of the browser world, i add in a small lib,https://github.com/jaubourg/ajaxHooks, in the external/ actually just the xdr.js file
Although i haven't actually tested that it works
AeroGear.Ajax
The majority of the changes happen in the AeroGear.Ajax function
Here is the commit for this
https://github.com/lholmquist/aerogear-js/commit/d3d3ecaac1d2648f37d66b46f7e776029b2a3517
At the moment the only overridable options in the crossdomain object are jsonp related. I guess this would be the place to add CORS options, if we wanted to
Interestingly enough, if you don't specify any of the new settings, CORS will work, if the server supports it, out of the box.
This is my simple node.js server
var express = require( "express" );
var app = express();
app.all( "/", function(request,response) {
// When dealing with CORS (Cross-Origin Resource Sharing)
// requests, the client should pass-through its origin (the
// requesting domain). We should either echo that or use *
// if the origin was not passed.
var origin = (request.headers.origin || "*");
// Check to see if this is a security check by the browser to
// test the availability of the API for the client. If the
// method is OPTIONS, the browser is check to see to see what
// HTTP methods (and properties) have been granted to the
// client.
if (request.method.toUpperCase() === "OPTIONS"){
// Echo back the Origin (calling domain) so that the
// client is granted access to make subsequent requests
// to the API.
response.status( 204 );
response.header(
{
"access-control-allow-origin": origin,
"access-control-allow-methods": "GET, PUT, DELETE, OPTIONS",
"access-control-allow-headers": "content-type, accept",
"access-control-max-age": 10, // Seconds.
"content-length": 0
}
);
}
// End the response - we're not sending back any content.
response.status( 200 );
response.header(
{
"access-control-allow-origin": origin,
"content-type": "application/json"
}
);
var callback = request.query.callback || request.query.jsonp;
if( callback ) {
response.send( callback + "({response:'stuff'})");
} else {
response.send( {response:'stuff'});
}
});
app.listen( 8080 );
// Debugging:
console.log( "Node.js listening on port 8080" );
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121206/63d551f6/attachment.html
More information about the aerogear-dev
mailing list