[aerogear-dev] Cross Domain Support for Aerogear.js

Lucas Holmquist lholmqui at redhat.com
Fri Dec 7 10:45:16 EST 2012 

Sure, why not,  i used node.js in my example just to quickly hack something together


On Dec 6, 2012, at 7:50 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Hi Luke, CORS was recently added on aerogear controller.
> 
> Could we put pipeline and controller together?
> 
> 
> - Bruno
> 
> On Dec 6, 2012, at 6:31 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
> 
>> can also be seen here https://gist.github.com/4227377
>> 
>> 
>> 
>> This gist relates to AEROGEAR-534, https://issues.jboss.org/browse/AEROGEAR-534
>> 
>> I created a node.js server that handles CORS and jsonp for my testing
>> 
>> Cross Domain Support
>> 
>> To do cross domain request, i've modified aerogear.js a bit.
>> 
>> I've added a new settings variable, settings.crossdomain, that can be mixed. If set to true, it will default to CORS, to override to jsonp set settings.crossdomain.type = "jsonp"
>> 
>> var pipeline = AeroGear.Pipeline();
>> 
>>     jsonp = pipeline.add( {
>>             name: "jsonp",
>>             settings: {
>>                 baseURL: "http://localhost:8080",
>>                 endpoint: "/",
>>                 crossdomain: {
>>                     type: "jsonp",
>>                     jsonp: "jsonp" //this is optional and will default to callback, jquery default
>>                 }
>>             }
>>         });
>> 
>>     cors = pipeline.add( {
>>             name: "cors",
>>             settings: {
>>                 baseURL: "http://localhost:8080",
>>                 endpoint: "/",
>>                 crossdomain: true
>>             }
>>         });
>> If the user wants to use CORS, settings.crossdomain = true, but there browser doesn't support CORS, then AeroGear.Ajax will fallback to jsonp
>> 
>> CORS
>> 
>> since IE9 doesn't use the same thing as the rest of the browser world, i add in a small lib,https://github.com/jaubourg/ajaxHooks, in the external/ actually just the xdr.js file
>> 
>> Although i haven't actually tested that it works
>> 
>> AeroGear.Ajax
>> 
>> The majority of the changes happen in the AeroGear.Ajax function
>> 
>> Here is the commit for this
>> 
>> https://github.com/lholmquist/aerogear-js/commit/d3d3ecaac1d2648f37d66b46f7e776029b2a3517
>> 
>> At the moment the only overridable options in the crossdomain object are jsonp related. I guess this would be the place to add CORS options, if we wanted to
>> 
>> Interestingly enough, if you don't specify any of the new settings, CORS will work, if the server supports it, out of the box.
>> 
>> This is my simple node.js server
>> 
>> var express = require( "express" );
>> var app = express();
>> 
>> app.all( "/", function(request,response) {
>> 
>> // When dealing with CORS (Cross-Origin Resource Sharing)
>> // requests, the client should pass-through its origin (the
>> // requesting domain). We should either echo that or use *
>> // if the origin was not passed.
>> var origin = (request.headers.origin || "*");
>> 
>> // Check to see if this is a security check by the browser to
>>     // test the availability of the API for the client. If the
>>     // method is OPTIONS, the browser is check to see to see what
>>     // HTTP methods (and properties) have been granted to the
>>     // client.
>>     if (request.method.toUpperCase() === "OPTIONS"){
>> 
>> 
>>         // Echo back the Origin (calling domain) so that the
>>         // client is granted access to make subsequent requests
>>         // to the API.
>>         response.status( 204 );
>>         response.header(
>>             {
>>                 "access-control-allow-origin": origin,
>>                 "access-control-allow-methods": "GET, PUT, DELETE, OPTIONS",
>>                 "access-control-allow-headers": "content-type, accept",
>>                 "access-control-max-age": 10, // Seconds.
>>                 "content-length": 0
>>             }
>>         );
>>     }
>>     // End the response - we're not sending back any content.
>>     response.status( 200 );
>>     response.header(
>>                 {
>>                     "access-control-allow-origin": origin,
>>                     "content-type": "application/json"
>>                 }
>>             );
>>     var callback = request.query.callback || request.query.jsonp;
>>     if( callback ) {
>>         response.send( callback + "({response:'stuff'})");
>>     } else {
>>         response.send( {response:'stuff'});
>>     }
>> 
>> 
>> });
>> 
>> app.listen( 8080 );
>> 
>> // Debugging:
>> console.log( "Node.js listening on port 8080" );
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121207/cc6aa851/attachment.html

More information about the aerogear-dev mailing list