Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle OPTIONS request for CORS [DATAREST-333] #716

Closed
spring-projects-issues opened this issue Jun 25, 2014 · 5 comments
Closed

Handle OPTIONS request for CORS [DATAREST-333] #716

spring-projects-issues opened this issue Jun 25, 2014 · 5 comments
Assignees
Labels
type: enhancement

Comments

@spring-projects-issues
Copy link

@spring-projects-issues spring-projects-issues commented Jun 25, 2014

Moritz Schulze opened DATAREST-333 and commented

Currently OPTIONS requests on resources are not handled by Spring Data REST.

Firefox and Chrome will send an OPTIONS request to a resource if it is on another domain to evaluate the Access-Control-Allow-* headers. Those headers can be set with a filter in a Spring web environment, but since Spring Data REST does not register a handler method for OPTIONS that does not really help.

Resources:
w3c
mozilla


Issue Links:

Referenced from: commits b29fea8, e702853

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Jun 25, 2014

Sri commented

Adding headers could easily done using Spring using interceptors and wiring it to MVC Web configuration. SDR still need OPTIONS support though

CORS interceptor

public class CorsInterceptor extends HandlerInterceptorAdapter {

	@Override
	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {
		response.addHeader("Access-Control-Allow-Origin", "*");
		response.addHeader("Access-Control-Allow-Headers",
				"origin, content-type, accept, x-requested-with");
		return true;
	}

}

MVC configuration

public static class WebConfiguration extends DelegatingWebMvcConfiguration {

		@Override
		protected void addInterceptors(InterceptorRegistry registry) {
			registry.addInterceptor(new CorsInterceptor());
			super.addInterceptors(registry);
		}

	}

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Jun 25, 2014

Oliver Drotbohm commented

You might wanna have a look at the discussion in SPR-9278. It basically demonstrates how to implement it currently. Using a filter has the advantage that the controller doesn't have to expose a mapping for OPTIONS to make this work in the first place.

However, I am in the process of adding support for OPTIONS according to the general HTTP spec for the controllers we expose

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Jun 26, 2014

Oliver Drotbohm commented

I've implemented OPTIONS handlers for the root resource, collection and item resources as well as the search resource and query method resources. That in place should allow you to write a filter that handle CORS request correctly, right?

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Jun 26, 2014

Moritz Schulze commented

Yes, thath should help. I'll try it out with the snapshot

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Jun 27, 2014

Moritz Schulze commented

I just added the snapshot to my project and accessed my API in a CORS manner from an angular.js app. Worked like a charm! Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: enhancement
Projects
None yet
Development

No branches or pull requests

2 participants