const class afBedSheet::CrossOriginResourceSharingFilter
sys::Obj afBedSheet::CrossOriginResourceSharingFilter
Cross Origin Resource Sharing (CORS) is a strategy for browsers to overcome the limitations of cross domain scripting. The handshake is done via HTTP headers:
- The browser sets CORS specific HTTP headers in the request
- The server inspects the headers and sets its own HTTP headers in the response
- The browser asserts the response headers
On the browser side, most of the header setting and checking is done automatically by XMLHttpRequest. On the server side, contribute the following routes to the paths that will service the AJAX requests:
    simpleRoute    := Route(`<simple-path>`, CrossOriginResourceSharingFilter#serviceSimple, "GET POST")
    preflightRoute := Route(`<preflight-path>`, CrossOriginResourceSharingFilter#servicePrefilght, "OPTIONS")

    conf.add("corsSimple", simpleRoute, ["before: routes"])
    conf.add("corsPreflight", preflightRoute, ["before: routes"])
And set the following config values:
- ConfigIds.corsAllowedOrigins
- ConfigIds.corsAllowCredentials
- ConfigIds.corsExposeHeaders
- ConfigIds.corsAllowedMethods
- ConfigIds.corsAllowedHeaders
- ConfigIds.corsMaxAge
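
The server half of the handshake described above, sketched in JavaScript as an added example; it is not BedSheet's own code. The function names, the config object (keys mirror the ConfigIds listed above) and every sample value are assumptions made for illustration.

```javascript
// Added example: models how a server decides which CORS response headers to send.
// Config keys mirror the ConfigIds above; all values are constructed samples.
const config = {
  corsAllowedOrigins: ['https://app.example.com'],
  corsAllowCredentials: true,
  corsExposeHeaders: ['X-Request-Id'],
  corsAllowedMethods: ['GET', 'POST'],
  corsAllowedHeaders: ['content-type', 'x-csrf-token'],
  corsMaxAge: 600, // seconds the browser may cache a preflight result
};

// Exact-match allow-list check; returns the base response headers or null.
function originHeaders(reqHeaders, cfg) {
  const origin = reqHeaders['origin'];
  if (!origin || !cfg.corsAllowedOrigins.includes(origin)) return null;
  // Echo the matched origin rather than '*': browsers reject '*' on
  // credentialed requests. Vary stops caches mixing per-origin responses.
  const h = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  if (cfg.corsAllowCredentials) h['Access-Control-Allow-Credentials'] = 'true';
  return h;
}

// Simple (GET / POST) request: CORS headers are added to the normal response.
function serviceSimple(reqHeaders, cfg) {
  const h = originHeaders(reqHeaders, cfg);
  if (h && cfg.corsExposeHeaders.length)
    h['Access-Control-Expose-Headers'] = cfg.corsExposeHeaders.join(', ');
  return h || {}; // no CORS headers: the browser blocks the script's read
}

// Preflight (OPTIONS) request: approve method and headers before the real call.
function servicePreflight(reqHeaders, cfg) {
  const h = originHeaders(reqHeaders, cfg);
  const method = reqHeaders['access-control-request-method'];
  if (!h || !cfg.corsAllowedMethods.includes(method)) return {};
  const wanted = (reqHeaders['access-control-request-headers'] || '')
    .split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
  if (!wanted.every(n => cfg.corsAllowedHeaders.includes(n))) return {};
  h['Access-Control-Allow-Methods'] = cfg.corsAllowedMethods.join(', ');
  if (wanted.length) h['Access-Control-Allow-Headers'] = wanted.join(', ');
  h['Access-Control-Max-Age'] = String(cfg.corsMaxAge);
  return h;
}
```

An empty result means the response carries no CORS headers, so the browser's assertion step fails and the calling script never sees the response.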
@see Read the following for specifics: