[security-dev] Implementing CORS filter to Picketlink HTTP Security API
Pedro Igor Silva
psilva at redhat.com
Mon Oct 27 07:04:59 EDT 2014
Hey Sharma !
It looks fine. But what about having this options in our config api ?
Something like:
http()
.path("/somePath")
.cors()
//options
----- Original Message -----
From: "Giriraj Sharma" <giriraj.sharma27 at gmail.com>
To: security-dev at lists.jboss.org
Cc: "Pedro Igor Craveiro e Silva" <pigor.craveiro at gmail.com>
Sent: Sunday, October 26, 2014 7:50:28 AM
Subject: [security-dev] Implementing CORS filter to Picketlink HTTP Security API
Hi,
In order to implement the first cut of CORS ( Cross-Origin Resource Sharing ) filter in Picketlink Http Security API, I have wrapped up with following two initial ideas as providing CORS Configuration which can be then loaded and parsed using CORSConfigurationLoader and handled by CORSRequestHandler and CORSResponseWrapper,
#1. We can have a configuration file such as cors-sample.configuration
cors.allowGenericHttpRequests=true
cors.allowOrigin= https://www.example.org:9000 , http://example.com:8008
cors.allowSubdomains=false
cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS
cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization
cors.exposedHeaders=
cors.supportsCredentials=true
cors.maxAge=3600
#2 . We can have a servlet CORS filter in web.xml such as CORS.xml
Either configuration could be used for making(implementing) use of CORS requests in any application.
If this looks fine, I will go forward with its implementation ?
Regards,
--
Giriraj Sharma,
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India
_______________________________________________
security-dev mailing list
security-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list