<div dir="ltr">Hi,<div>In order to implement the first cut of the CORS <a href="https://tools.ietf.org/html/rfc6454">(<span style="font-weight:bold;color:rgb(84,84,84);font-family:arial,sans-serif;line-height:18.200000762939453px">Cross-Origin Resource Sharing</span>) </a>filter in the PicketLink HTTP Security API, I have wrapped up with the following two initial ideas for providing the CORS configuration, which can then be loaded and parsed using CORSConfigurationLoader and handled by CORSRequestHandler and CORSResponseWrapper:</div><div><br></div><div><b>#1. We can have a configuration file such as</b> <strong class="" style="color:rgb(65,131,196);text-decoration:none;font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:12px;line-height:33px;background-color:rgb(247,247,247)"><a href="https://gist.github.com/girirajsharma/cd7c60b1dcd38345b069#file-cors-sample-configuration" class="" style="color:rgb(65,131,196);text-decoration:none;font-family:Helvetica,arial,freesans,clean,sans-serif;font-size:12px;line-height:33px;background-color:rgb(247,247,247)">cors-sample.configuration</a></strong></div><div><pre class="" style="font-family:Consolas,&#39;Liberation Mono&#39;,Menlo,Courier,monospace;font-size:12px;margin-top:0px;margin-bottom:0px;width:748px;color:rgb(51,51,51);line-height:16.799999237060547px"><div class="" id="file-cors-sample-configuration-LC1">cors.allowGenericHttpRequests=true</div><div class="" id="file-cors-sample-configuration-LC2">cors.allowOrigin=<a href="https://www.example.org:9000">https://www.example.org:9000</a>, <a href="http://example.com:8008">http://example.com:8008</a></div><div class="" id="file-cors-sample-configuration-LC3">cors.allowSubdomains=false</div><div class="" id="file-cors-sample-configuration-LC4">cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS</div><div class="" id="file-cors-sample-configuration-LC5">cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization</div><div class="" 
id="file-cors-sample-configuration-LC6">cors.exposedHeaders=</div><div class="" id="file-cors-sample-configuration-LC7">cors.supportsCredentials=true</div><div class="" id="file-cors-sample-configuration-LC8">cors.maxAge=3600</div><div class="" id="file-cors-sample-configuration-LC8"><br></div><div class="" id="file-cors-sample-configuration-LC8"><b>#2</b>. <b>We can have a servlet CORS filter in web.xml such as</b> <strong class="" style="color:rgb(65,131,196);text-decoration:none;font-family:Helvetica,arial,freesans,clean,sans-serif;line-height:33px;white-space:normal;background-color:rgb(247,247,247)"><a href="https://gist.github.com/girirajsharma/059bcde20fc28e6cd0db#file-cors-xml" class="" style="color:rgb(65,131,196);text-decoration:none;font-family:Helvetica,arial,freesans,clean,sans-serif;line-height:33px;white-space:normal;background-color:rgb(247,247,247)">CORS.xml</a></strong></div><div class="" id="file-cors-sample-configuration-LC8">Either configuration could be used for making (implementing) use of CORS requests in any application.</div><div class="" id="file-cors-sample-configuration-LC8">If this looks fine, I will go forward with its implementation?</div></pre></div><div><div><div><br></div><div>Regards,</div>-- <br><div dir="ltr"><font color="#888888"><div>Giriraj Sharma,<br></div><div>Department of Computer Science<br>National Institute of Technology Hamirpur<br></div><div>Himachal Pradesh, India<br></div></font></div>
</div></div></div>
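An added example, not part of the original message or of PicketLink's code: a minimal Java sketch of how the properties in option #1 could drive the origin check and the preflight response headers. The class and method names (CorsConfigSketch, flag, isAllowed, preflightHeaders) are hypothetical, and the semantics given to cors.allowSubdomains and cors.supportsCredentials are assumptions.

```java
import java.io.StringReader;
import java.net.URI;
import java.util.*;
// Hypothetical sketch: class and method names are illustrative, not PicketLink API.
public class CorsConfigSketch {
    final Properties p;
    final Set<String> origins = new HashSet<>();
    CorsConfigSketch(Properties p) {
        this.p = p;
        for (String o : p.getProperty("cors.allowOrigin", "").split(","))
            if (!o.trim().isEmpty()) origins.add(o.trim().toLowerCase(Locale.ROOT));
    }
    boolean flag(String key) { return Boolean.parseBoolean(p.getProperty(key)); }
    // Exact scheme+host+port match; subdomains only when cors.allowSubdomains=true (assumed meaning).
    boolean isAllowed(String origin) {
        String o = origin == null ? "" : origin.toLowerCase(Locale.ROOT);
        if (origins.contains(o)) return true;
        if (!flag("cors.allowSubdomains")) return false;
        try {
            URI req = URI.create(o);
            for (String a : origins) {
                URI cfg = URI.create(a);
                if (req.getHost() != null && cfg.getHost() != null && req.getPort() == cfg.getPort()
                        && Objects.equals(req.getScheme(), cfg.getScheme())
                        && req.getHost().endsWith("." + cfg.getHost())) return true; // dot-anchored suffix
            }
        } catch (IllegalArgumentException malformed) { /* malformed Origin: not allowed */ }
        return false;
    }
    // Preflight response headers; an empty map means no CORS headers are sent.
    Map<String, String> preflightHeaders(String origin) {
        Map<String, String> h = new LinkedHashMap<>();
        if (!isAllowed(origin)) return h;
        h.put("Access-Control-Allow-Origin", origin); // echo the matched origin, never "*"
        h.put("Vary", "Origin");
        h.put("Access-Control-Allow-Methods", p.getProperty("cors.supportedMethods", ""));
        h.put("Access-Control-Allow-Headers", p.getProperty("cors.supportedHeaders", ""));
        h.put("Access-Control-Max-Age", p.getProperty("cors.maxAge", "0"));
        if (flag("cors.supportsCredentials")) h.put("Access-Control-Allow-Credentials", "true");
        return h;
    }
    public static void main(String[] args) throws Exception {
        Properties p = new Properties(); // subset of the values from the post
        p.load(new StringReader("cors.allowOrigin=https://www.example.org:9000, http://example.com:8008\n"
                + "cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS\ncors.supportsCredentials=true\n"));
        CorsConfigSketch c = new CorsConfigSketch(p);
        for (String o : new String[] {"https://www.example.org:9000", "https://www.example.org.evil.test:9000"})
            System.out.println(o + " -> " + c.preflightHeaders(o)); // second origin is constructed, unlisted
    }
}
```

The second origin in `main` shares a prefix with a listed origin but is not an exact match, so it receives no CORS headers.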