Hi,
In order to implement the first cut of CORS (Cross-Origin Resource Sharing)
<
https://tools.ietf.org/html/rfc6454>filter in Picketlink Http Security
API, I have wrapped up with following two initial ideas as providing CORS
Configuration which can be then loaded and parsed using
CORSConfigurationLoader and handled by CORSRequestHandler and
CORSResponseWrapper,
*#1. We can have a configuration file such as* *cors-sample.configuration
<
https://gist.github.com/girirajsharma/cd7c60b1dcd38345b069#file-cors-samp...
cors.allowGenericHttpRequests=true
cors.allowOrigin=https://www.example.org:9000,
http://example.com:8008
cors.allowSubdomains=false
cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS
cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept,
Authorization
cors.exposedHeaders=
cors.supportsCredentials=true
cors.maxAge=3600
*#2*. *We can have a servlet CORS filter in web.xml such as* *CORS.xml
<
https://gist.github.com/girirajsharma/059bcde20fc28e6cd0db#file-cors-xml&...
Either configuration could be used for making(implementing) use of
CORS requests in any application.
If this looks fine, I will go forward with its implementation ?
Regards,
--
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India