Hi,
In order to implement the first cut of a CORS (Cross-Origin Resource Sharing) filter in the PicketLink HTTP Security API, I have come up with the following two initial ideas for providing a CORS configuration, which can then be loaded and parsed using CORSConfigurationLoader and handled by CORSRequestHandler and CORSResponseWrapper:

#1. We can have a configuration file such as cors-sample.configuration:
cors.allowGenericHttpRequests=true
cors.allowSubdomains=false
cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS
cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization
cors.exposedHeaders=
cors.supportsCredentials=true
cors.maxAge=3600

#2. We can have a servlet CORS filter in web.xml such as CORS.xml.
Either configuration could be used to make use of (implement) CORS requests in any application.
If this looks fine, I will go forward with its implementation?

Regards,
--
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India
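
An added example, not part of the original message and not PicketLink code: a sketch of how a handler could turn the properties above into preflight response headers, showing why cors.supportsCredentials=true needs an explicit origin allow-list. The class name, the cors.allowOrigin key and the origin values are assumptions made for illustration; the message does not define an allowed-origin setting.

```java
import java.io.StringReader;
import java.util.*;

public class CorsPreflightSketch {
    // Constructed sample: keys from the message, plus cors.allowOrigin (assumed key, not in the message).
    static final String SAMPLE = String.join("\n",
        "cors.allowOrigin=https://app.example.org",
        "cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS",
        "cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization",
        "cors.supportsCredentials=true",
        "cors.maxAge=3600");

    // Splits a comma-separated value; header names are compared lower-cased.
    static Set<String> csv(String value, boolean lower) {
        Set<String> out = new LinkedHashSet<>();
        for (String s : value.split(",")) {
            String t = s.trim();
            if (!t.isEmpty()) out.add(lower ? t.toLowerCase(Locale.ROOT) : t);
        }
        return out;
    }

    // Returns the preflight response headers, or an empty map when the request is refused.
    static Map<String, String> preflight(Properties p, String origin, String method, String reqHeaders) {
        Map<String, String> h = new LinkedHashMap<>();
        if (origin == null) return h;
        boolean creds = Boolean.parseBoolean(p.getProperty("cors.supportsCredentials", "false"));
        Set<String> origins = csv(p.getProperty("cors.allowOrigin", ""), false);
        boolean any = origins.contains("*");
        boolean exact = !origin.equals("*") && origins.contains(origin);
        // With credentials enabled, "*" is never honoured: only exact configured origins match.
        if (!(exact || (any && !creds))) return h;
        if (!csv(p.getProperty("cors.supportedMethods", ""), false).contains(method)) return h;
        Set<String> allowed = csv(p.getProperty("cors.supportedHeaders", ""), true);
        if (!allowed.containsAll(csv(reqHeaders, true))) return h;
        h.put("Access-Control-Allow-Origin", (any && !creds) ? "*" : origin);
        h.put("Vary", "Origin"); // the response depends on the request's Origin header
        if (creds) h.put("Access-Control-Allow-Credentials", "true");
        h.put("Access-Control-Allow-Methods", method);
        h.put("Access-Control-Allow-Headers", String.join(", ", csv(reqHeaders, false)));
        h.put("Access-Control-Max-Age", p.getProperty("cors.maxAge", "0"));
        return h;
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(SAMPLE));
        System.out.println(preflight(p, "https://app.example.org", "PUT", "Content-Type, Authorization"));
        System.out.println(preflight(p, "https://other.example.net", "PUT", "Content-Type"));
    }
}
```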