To specify request header that are valid you can use the validRequestHeaders
method:
return CorsConfig.enableCorsSupport()
.anyOrigin()
.enableCookies()
.maxAge(20)
.enableAllRequestMethods()
.validRequestHeaders("header1, header2");
Is this how you modified you local aerogear-controller-demo?
I'm not sure exaclty what is going on just by looking at the request and
the response. Let me try this out and see if I can figure it out.
On 12 December 2012 15:26, Lucas Holmquist <lholmqui(a)redhat.com> wrote:
CORS with Aerogear.js and AG-Controller
from this
gist:https://gist.github.com/4268092
2 things.
So when using aerogear.js to make a cross domain call,
var pipeline = AeroGear.Pipeline();
cors = pipeline.add( {
name: "cors",
settings: {
baseURL: "http://localhost:8080/aerogear-controller-demo/",
endpoint: "login/"
}
});
pipeline.pipes.cors.read({
success: function( data, xhr, thing1 ) {
console.log( data );
},
error: function( error ) {
console.log( error );
}
});
the initial OPTIONS request looks similar to this. Request URL:
http://localhost:8080/aerogear-controller-demo/login/
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:GET
Cache-Control:max-age=0
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:8000
Pragma:no-cache
Referer:http://localhost:8000/app/cors.html
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like
Gecko) Chrome/23.0.1271.95 Safari/537.11
I just copy and pasted this from chrome dev tools.
Here is what the CORS config looks like in the controller demo, for those
who don't want to go look it up
@Produces
public CorsConfiguration demoConfig() {
return CorsConfig.enableCorsSupport()
.anyOrigin()
.enableCookies()
.maxAge(20)
.enableAllRequestMethods()
.build();
}
So the above request will fail since it has more headers than just
"origin". This brings me to my first question:
How do i specify more headers in this config object?, i guess in this case
it would be origin, content-type, and accept
Now to the second part
I modified my local aerogear-controller to add these other headers in by
default, and then ran the above request again.
This time i get the same OPTIONS request but then i get a cross domain
error with the follow up GET that the browser makes
Request URL:http://localhost:8080/aerogear-controller-demo/login/
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Cache-Control:no-cache
Content-Type:application/json
Origin:http://localhost:8000
Pragma:no-cache
Referer:http://localhost:8000/app/cors.html
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like
Gecko) Chrome/23.0.1271.95 Safari/537.11
And i don't get any errors on the server log, so not really sure whats
going on here
This is the repo i was using to play around with
https://github.com/lholmquist/WoWAerogear checkout the cors.html and
cors.js page
-Luke
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev