[aerogear-dev] AG-Controller and Aerogear.js CORS interaction

Lucas Holmquist lholmqui at redhat.com
Wed Dec 12 09:50:40 EST 2012


Thanks dan,

On Dec 12, 2012, at 9:47 AM, Daniel Bevenius <daniel.bevenius at gmail.com> wrote:

> To specify request header that are valid you can use the validRequestHeaders method:
> 
> return CorsConfig.enableCorsSupport()
>                 .anyOrigin()
>                 .enableCookies()
>                 .maxAge(20)
>                 .enableAllRequestMethods()
>                 .validRequestHeaders("header1, header2");
> Is this how you modified you local aerogear-controller-demo?
> 
i actually did this in the CorsConfig class.  Should have know it was easier than that

     public CorsConfiguration build() {
            validRequestHeaders.add("origin");
            validRequestHeaders.add("accept");
            validRequestHeaders.add("content-type");
            if (validRequestMethods.isEmpty()) {
                enableAllRequestMethods();
            }
            return new CorsConfig(this);
        }


> I'm not sure exaclty what is going on just by looking at the request and the response. Let me try this out and see if I can figure it out.
> 
> 

cool,  i just used python -m SimpleHTTPServer to run the html/js stuff

> 
> 
> On 12 December 2012 15:26, Lucas Holmquist <lholmqui at redhat.com> wrote:
> CORS with Aerogear.js and AG-Controller
> 
> from this gist:https://gist.github.com/4268092
> 
> 2 things.
> 
> So when using aerogear.js to make a cross domain call,
> 
> var pipeline = AeroGear.Pipeline();
>         cors = pipeline.add( {
>             name: "cors",
>             settings: {
>                 baseURL: "http://localhost:8080/aerogear-controller-demo/",
>                 endpoint: "login/"
>             }
>         });
> 
>         pipeline.pipes.cors.read({
>             success: function( data, xhr, thing1 ) {
>                 console.log( data );
>             },
>             error: function( error ) {
>                 console.log( error );
>             }
>         });
> the initial OPTIONS request looks similar to this. Request URL:http://localhost:8080/aerogear-controller-demo/login/
> 
> Accept:*/*
> Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
> Accept-Encoding:gzip,deflate,sdch
> Accept-Language:en-US,en;q=0.8
> Access-Control-Request-Headers:origin, content-type, accept
> Access-Control-Request-Method:GET
> Cache-Control:max-age=0
> Connection:keep-alive
> Host:localhost:8080
> Origin:http://localhost:8000
> Pragma:no-cache
> Referer:http://localhost:8000/app/cors.html
> User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11
> I just copy and pasted this from chrome dev tools.
> 
> Here is what the CORS config looks like in the controller demo, for those who don't want to go look it up
> 
> @Produces
> public CorsConfiguration demoConfig() {
>     return CorsConfig.enableCorsSupport()
>             .anyOrigin()
>             .enableCookies()
>             .maxAge(20)
>             .enableAllRequestMethods()
>             .build();
> }
> So the above request will fail since it has more headers than just "origin". This brings me to my first question:
> 
> How do i specify more headers in this config object?, i guess in this case it would be origin, content-type, and accept
> 
> Now to the second part
> 
> I modified my local aerogear-controller to add these other headers in by default, and then ran the above request again.
> 
> This time i get the same OPTIONS request but then i get a cross domain error with the follow up GET that the browser makes
> 
> Request URL:http://localhost:8080/aerogear-controller-demo/login/
> 
> Request Headersview source
> Accept:application/json, text/javascript, */*; q=0.01
> Cache-Control:no-cache
> Content-Type:application/json
> Origin:http://localhost:8000
> Pragma:no-cache
> Referer:http://localhost:8000/app/cors.html
> User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11
> And i don't get any errors on the server log, so not really sure whats going on here
> 
> This is the repo i was using to play around with https://github.com/lholmquist/WoWAerogear checkout the cors.html and cors.js page
> 
> 
> -Luke
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> 
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121212/a2d84d51/attachment.html 


More information about the aerogear-dev mailing list