[security-dev] Implementing CORS filter to Picketlink HTTP Security API

Giriraj Sharma giriraj.sharma27 at gmail.com
Sun Oct 26 05:50:28 EDT 2014


Hi,
In order to implement the first cut of a CORS (Cross-Origin Resource Sharing)
<https://tools.ietf.org/html/rfc6454> filter in the Picketlink HTTP Security
API, I have wrapped up with the following two initial ideas for providing a CORS
configuration, which can then be loaded and parsed using
CORSConfigurationLoader and handled by CORSRequestHandler and
CORSResponseWrapper:

*#1. We can have a configuration file such as* *cors-sample.configuration
<https://gist.github.com/girirajsharma/cd7c60b1dcd38345b069#file-cors-sample-configuration>*

cors.allowGenericHttpRequests=true
cors.allowOrigin=https://www.example.org:9000, http://example.com:8008
cors.allowSubdomains=false
cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS
cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization
cors.exposedHeaders=
cors.supportsCredentials=true
cors.maxAge=3600

*#2*. *We can have a servlet CORS filter in web.xml such as* *CORS.xml
<https://gist.github.com/girirajsharma/059bcde20fc28e6cd0db#file-cors-xml>*
Either configuration could be used for making (implementing) use of
CORS requests in any application.
If this looks fine, I will go forward with its implementation?


Regards,
-- 
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India
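
The origin check that a handler driven by the configuration in idea #1 would need, as an added example (not part of the original message and not PicketLink code). The class name CorsPolicy and the meaning given to cors.allowOrigin, cors.allowSubdomains and cors.supportsCredentials are assumptions, since the message does not define them; the sample origins in main are constructed.

```java
import java.io.*;
import java.net.URI;
import java.util.*;

// Added example, not PicketLink code; CorsPolicy and the key semantics are assumptions.
public class CorsPolicy {
    private final Set<String> origins = new HashSet<>();
    private final boolean allowSubdomains, credentials;
    CorsPolicy(Properties p) {
        for (String o : p.getProperty("cors.allowOrigin", "").split(","))
            if (!o.trim().isEmpty()) origins.add(o.trim().toLowerCase(Locale.ROOT));
        allowSubdomains = Boolean.parseBoolean(p.getProperty("cors.allowSubdomains", "false"));
        credentials = Boolean.parseBoolean(p.getProperty("cors.supportsCredentials", "false"));
    }

    // Exact scheme://host:port match; a substring or suffix test on the raw string would accept look-alike hosts.
    boolean isAllowed(String origin) {
        if (origin == null) return false;
        String o = origin.toLowerCase(Locale.ROOT);
        if (origins.contains(o) || !allowSubdomains) return origins.contains(o);
        try {
            URI req = URI.create(o);
            for (String a : origins) {
                URI ok = URI.create(a);
                if (req.getHost() != null && ok.getHost() != null
                        && Objects.equals(ok.getScheme(), req.getScheme()) && ok.getPort() == req.getPort()
                        && req.getHost().endsWith("." + ok.getHost())) return true; // dot-anchored suffix
            }
        } catch (IllegalArgumentException e) { /* malformed origin: treat as not allowed */ }
        return false;
    }

    // CORS response headers for a request's Origin; an empty map means "add no CORS headers".
    Map<String, String> headersFor(String origin) {
        Map<String, String> h = new LinkedHashMap<>();
        if (!isAllowed(origin)) return h;
        h.put("Access-Control-Allow-Origin", origin); // echo the origin; "*" is not valid with credentials
        h.put("Vary", "Origin");                       // keep caches from reusing the answer for another origin
        if (credentials) h.put("Access-Control-Allow-Credentials", "true");
        return h;
    }
    public static void main(String[] args) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader("cors.allowOrigin=https://www.example.org:9000, http://example.com:8008\n"
                + "cors.allowSubdomains=false\ncors.supportsCredentials=true\n"));
        CorsPolicy policy = new CorsPolicy(p);
        for (String o : new String[] {"http://example.com:8008", "http://example.com.other.test:8008", "http://example.com"})
            System.out.println(o + " -> " + policy.headersFor(o));
    }
}
```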