To specify request header that are valid you can use the validRequestHeaders method:

return CorsConfig.enableCorsSupport()
                .anyOrigin()
                .enableCookies()
                .maxAge(20)
                .enableAllRequestMethods()
                .validRequestHeaders("header1, header2");

Is this how you modified you local aerogear-controller-demo?

I'm not sure exaclty what is going on just by looking at the request and the response. Let me try this out and see if I can figure it out.




On 12 December 2012 15:26, Lucas Holmquist <lholmqui@redhat.com> wrote:

CORS with Aerogear.js and AG-Controller

from this gist:https://gist.github.com/4268092

2 things.

So when using aerogear.js to make a cross domain call,

var pipeline = AeroGear.Pipeline();
        cors = pipeline.add( {
            name: "cors",
            settings: {
                baseURL: "http://localhost:8080/aerogear-controller-demo/",
                endpoint: "login/"
            }
        });

        pipeline.pipes.cors.read({
            success: function( data, xhr, thing1 ) {
                console.log( data );
            },
            error: function( error ) {
                console.log( error );
            }
        });

the initial OPTIONS request looks similar to this. Request URL:http://localhost:8080/aerogear-controller-demo/login/

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:GET
Cache-Control:max-age=0
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:8000
Pragma:no-cache
Referer:http://localhost:8000/app/cors.html
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11

I just copy and pasted this from chrome dev tools.

Here is what the CORS config looks like in the controller demo, for those who don't want to go look it up

@Produces
public CorsConfiguration demoConfig() {
    return CorsConfig.enableCorsSupport()
            .anyOrigin()
            .enableCookies()
            .maxAge(20)
            .enableAllRequestMethods()
            .build();
}

So the above request will fail since it has more headers than just "origin". This brings me to my first question:

How do i specify more headers in this config object?, i guess in this case it would be origin, content-type, and accept

Now to the second part

I modified my local aerogear-controller to add these other headers in by default, and then ran the above request again.

This time i get the same OPTIONS request but then i get a cross domain error with the follow up GET that the browser makes

Request URL:http://localhost:8080/aerogear-controller-demo/login/

Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Cache-Control:no-cache
Content-Type:application/json
Origin:http://localhost:8000
Pragma:no-cache
Referer:http://localhost:8000/app/cors.html
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11

And i don't get any errors on the server log, so not really sure whats going on here

This is the repo i was using to play around with https://github.com/lholmquist/WoWAerogear checkout the cors.html and cors.js page



-Luke

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev