fixes #25 add basic CORS support

[McFoggy]

Find embedded a small contribution to add a basic CORS support to NanoHttpd webserver.

I got inspired from:

• @kasakara answer in the comment
• @AdamBien in his CORS project

[kasakara]

Thanks

Pubudu Kasakara

Sent from my iPhone

On 8 Jul 2015, at 8:09 pm, Matthieu Brouillard notifications@github.com wrote:

Find embedded a small contribution to add a basic CORS support to NanoHttpd webserver.

I got inspired from:

@kasakara answer in the comment
@AdamBien in his CORS project
You can view, comment on, or merge this pull request online at:

#207

Commit Summary

fixes #25 add basic CORS support
File Changes

M README.md (4)
M webserver/src/main/java/fi/iki/elonen/SimpleWebServer.java (65)
A webserver/src/test/java/fi/iki/elonen/AbstractTestHttpServer.java (67)
A webserver/src/test/java/fi/iki/elonen/TestCorsHttpServer.java (154)
M webserver/src/test/java/fi/iki/elonen/TestHttpServer.java (25)
Patch Links:

https://github.com/NanoHttpd/nanohttpd/pull/207.patch
https://github.com/NanoHttpd/nanohttpd/pull/207.diff
—
Reply to this email directly or view it on GitHub.

[elonen]

Thank you @McFoggy. Looks solid.
A question, though: would it be better to perhaps use String corsAllowedDomain instead of boolean useCORS in the SimpleWebServer() constructor, to support specifying allowed domain(s) without changing the code? And/or make addCORSHeaders(...) protected instead of private?

[McFoggy]

@elonen changing visibility from private to protected makes sense.
For the other proposition, what would you like to see? Instead of a boolean value that allows *, you'd like to receive a string parameter as program argument and set this value directly to the Access-Control-Allow-Origin?
I am not against it of course but this would allow to open only one domain to CORS (see this answer on SO).
Not sure what is the real target/usage of SimpleWebServer. Personally I use it in development environments not in production envrionements where my CORS logic is delegated to nginx/apache or servlet application filters if I need application logic in CORS handling.

[elonen]

I believe Access-Control-Allow-Origin can be either a single domain or a space separated list (see http://www.w3.org/TR/cors/#access-control-allow-origin-response-header), so a single parameter should do.

[McFoggy]

@elonen find the enhancements to allow to define origin. If you want I can rebase the branch.

[elonen]

Very nice. No need to rebase, IMO.
Any objections to merging this @ritchieGitHub ?

[kasakara]

Should be ok.

Sent from my iPhone

On 9 Aug 2015, at 3:58 pm, Matthieu Brouillard notifications@github.com wrote:

@elonen find the enhancements to allow to define origin. If you want I can rebase the branch.

—
Reply to this email directly or view it on GitHub.

[ritchieGitHub]

no this seems is a good pul request (delivers unit tests ;-) )