Hey Sharma ! It looks fine. But what about having this options in our config api ? Something like: http() .path("/somePath") .cors() //options ----- Original Message ----- From: "Giriraj Sharma" <giriraj.sharma27(a)gmail.com&gt; To: security-dev(a)lists.jboss.org Cc: "Pedro Igor Craveiro e Silva" <pigor.craveiro(a)gmail.com&gt; Sent: Sunday, October 26, 2014 7:50:28 AM Subject: [security-dev] Implementing CORS filter to Picketlink HTTP Security API Hi, In order to implement the first cut of CORS ( Cross-Origin Resource Sharing ) filter in Picketlink Http Security API, I have wrapped up with following two initial ideas as providing CORS Configuration which can be then loaded and parsed using CORSConfigurationLoader and handled by CORSRequestHandler and CORSResponseWrapper, #1. We can have a configuration file such as cors-sample.configuration cors.allowGenericHttpRequests=true cors.allowOrigin= https://www.example.org:9000 , http://example.com:8008 cors.allowSubdomains=false cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization cors.exposedHeaders= cors.supportsCredentials=true cors.maxAge=3600 #2 . We can have a servlet CORS filter in web.xml such as CORS.xml Either configuration could be used for making(implementing) use of CORS requests in any application. If this looks fine, I will go forward with its implementation ? Regards, -- Giriraj Sharma, Department of Computer Science National Institute of Technology Hamirpur Himachal Pradesh, India _______________________________________________ security-dev mailing list security-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/security-dev