[aerogear-dev] Cross Domain Support for Aerogear.js
Lucas Holmquist
lholmqui at redhat.com
Fri Dec 7 10:45:16 EST 2012
Sure, why not, i used node.js in my example just to quickly hack something together
On Dec 6, 2012, at 7:50 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> Hi Luke, CORS was recently added on aerogear controller.
>
> Could we put pipeline and controller together?
>
>
> - Bruno
>
> On Dec 6, 2012, at 6:31 PM, Lucas Holmquist <lholmqui at redhat.com> wrote:
>
>> can also be seen here https://gist.github.com/4227377
>>
>>
>>
>> This gist relates to AEROGEAR-534, https://issues.jboss.org/browse/AEROGEAR-534
>>
>> I created a node.js server that handles CORS and jsonp for my testing
>>
>> Cross Domain Support
>>
>> To do cross domain request, i've modified aerogear.js a bit.
>>
>> I've added a new settings variable, settings.crossdomain, that can be mixed. If set to true, it will default to CORS, to override to jsonp set settings.crossdomain.type = "jsonp"
>>
>> var pipeline = AeroGear.Pipeline();
>>
>> jsonp = pipeline.add( {
>> name: "jsonp",
>> settings: {
>> baseURL: "http://localhost:8080",
>> endpoint: "/",
>> crossdomain: {
>> type: "jsonp",
>> jsonp: "jsonp" //this is optional and will default to callback, jquery default
>> }
>> }
>> });
>>
>> cors = pipeline.add( {
>> name: "cors",
>> settings: {
>> baseURL: "http://localhost:8080",
>> endpoint: "/",
>> crossdomain: true
>> }
>> });
>> If the user wants to use CORS, settings.crossdomain = true, but there browser doesn't support CORS, then AeroGear.Ajax will fallback to jsonp
>>
>> CORS
>>
>> since IE9 doesn't use the same thing as the rest of the browser world, i add in a small lib,https://github.com/jaubourg/ajaxHooks, in the external/ actually just the xdr.js file
>>
>> Although i haven't actually tested that it works
>>
>> AeroGear.Ajax
>>
>> The majority of the changes happen in the AeroGear.Ajax function
>>
>> Here is the commit for this
>>
>> https://github.com/lholmquist/aerogear-js/commit/d3d3ecaac1d2648f37d66b46f7e776029b2a3517
>>
>> At the moment the only overridable options in the crossdomain object are jsonp related. I guess this would be the place to add CORS options, if we wanted to
>>
>> Interestingly enough, if you don't specify any of the new settings, CORS will work, if the server supports it, out of the box.
>>
>> This is my simple node.js server
>>
>> var express = require( "express" );
>> var app = express();
>>
>> app.all( "/", function(request,response) {
>>
>> // When dealing with CORS (Cross-Origin Resource Sharing)
>> // requests, the client should pass-through its origin (the
>> // requesting domain). We should either echo that or use *
>> // if the origin was not passed.
>> var origin = (request.headers.origin || "*");
>>
>> // Check to see if this is a security check by the browser to
>> // test the availability of the API for the client. If the
>> // method is OPTIONS, the browser is check to see to see what
>> // HTTP methods (and properties) have been granted to the
>> // client.
>> if (request.method.toUpperCase() === "OPTIONS"){
>>
>>
>> // Echo back the Origin (calling domain) so that the
>> // client is granted access to make subsequent requests
>> // to the API.
>> response.status( 204 );
>> response.header(
>> {
>> "access-control-allow-origin": origin,
>> "access-control-allow-methods": "GET, PUT, DELETE, OPTIONS",
>> "access-control-allow-headers": "content-type, accept",
>> "access-control-max-age": 10, // Seconds.
>> "content-length": 0
>> }
>> );
>> }
>> // End the response - we're not sending back any content.
>> response.status( 200 );
>> response.header(
>> {
>> "access-control-allow-origin": origin,
>> "content-type": "application/json"
>> }
>> );
>> var callback = request.query.callback || request.query.jsonp;
>> if( callback ) {
>> response.send( callback + "({response:'stuff'})");
>> } else {
>> response.send( {response:'stuff'});
>> }
>>
>>
>> });
>>
>> app.listen( 8080 );
>>
>> // Debugging:
>> console.log( "Node.js listening on port 8080" );
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121207/cc6aa851/attachment.html
More information about the aerogear-dev
mailing list