Permalink
Browse files

return expose-headers from POST as well as preflight

  • Loading branch information...
1 parent 11d8e62 commit 979715a4d3f4e6bd2803e418e7bb16193031f692 Adrian Colyer committed Oct 9, 2012
Showing with 54 additions and 1 deletion.
  1. +52 −0 cors/preflight.http
  2. +2 −1 src/main/java/org/springsource/samples/montyhall/web/CorsInterceptor.java
View
@@ -0,0 +1,52 @@
+OPTIONS /games HTTP/1.1
+Host: monty-hall.cloudfoundry.com
+User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-us,en;q=0.5
+Accept-Encoding: gzip,deflate
+Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+Keep-Alive: 115
+Connection: keep-alive
+Origin: null
+Access-Control-Request-Method: POST
+Access-Control-Request-Headers: x-test-1349811727014
+
+->
+HTTP/1.1 200 OK
+Server: nginx
+Date: Tue, 09 Oct 2012 19:42:07 GMT
+Connection: keep-alive
+Keep-Alive: timeout=20
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET, PUT, POST
+Access-Control-Allow-Headers: x-test-1349811727014
+Access-Control-Max-Age: 300
+Access-Control-Expose-Headers: Location, ETag
+Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
+Content-Length: 0
+
+POST /games HTTP/1.1
+Host: monty-hall.cloudfoundry.com
+User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-us,en;q=0.5
+Accept-Encoding: gzip,deflate
+Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+Keep-Alive: 115
+Connection: keep-alive
+X-Test-1349811727014: 1349811727014
+Origin: null
+Pragma: no-cache
+Cache-Control: no-cache
+Content-Length: 0
+
+->
+HTTP/1.1 201 Created
+Server: nginx
+Access-Control-Expose-Headers: Location, ETag
+Date: Tue, 09 Oct 2012 19:42:07 GMT
+Keep-Alive: timeout=20
+Location: http://monty-hall.cloudfoundry.com/games/6377614539704418927
+Access-Control-Allow-Origin: *
+Connection: keep-alive
+Content-Length: 0
@@ -25,6 +25,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
ModelAndView modelAndView) {
// Our REST API is accessible from anywhere
response.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN, "*");
+ response.setHeader(ACCESS_CONTROL_EXPOSE_HEADERS, EXPOSED_HEADERS);
}
@Override
@@ -39,7 +40,7 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
if (hasValue(origin) && hasValue(acRequestMethod)) {
// this is a preflight check
// our API only needs this for PUT requests, anything we can PUT we can also GET
- response.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN,origin);
+ response.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN,"*");
response.addHeader(ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS);
response.setHeader(ACCESS_CONTROL_ALLOW_HEADERS,acRequestHeaders);
response.setHeader(ACCESS_CONTROL_MAX_AGE,CACHE_SECONDS);

0 comments on commit 979715a

Please sign in to comment.