• Software Overview
• JsWorld
  • Online demo
  • Quick start
  • Use cases
  • Library design and features
  • Numeric formatting
  • Currency formatting
  • Date/time formatting
  • Parsing
  • Supported locales
• JSON-RPC 2.0
  • Overview
  • Base Java classes
  • Interactive shell
  • Server
  • Client
  • Tips and tricks
• Json2Ldap
• CORS Filter
  • Overview
  • Installation
  • Configuration
  • Request tagging
  • Specification
  • Tips and tricks
  • Browser bugs and quirks
• Nimbus SRP
  • Overview
  • Usage
  • Tools
  • Specification
• About + Contact
• Download

Cross-origin resource sharing (CORS) support

The CORS filter allows a Java web application to handle cross-site HTTP requests from web browsers according to the Cross-Origin Resource Sharing (CORS) mechanism specified by the W3C (2010-07-10).

Supported CORS request types:

• Simple/actual requests
• Preflight requests

Supported CORS headers:

• Request headers:
  • Origin
  • Access-Control-Request-Method
  • Access-Control-Request-Headers
• Response headers:
  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
  • Access-Control-Expose-Headers
  • Access-Control-Max-Age

Java Servlet Filter

The software is implemented as a Java servlet filter that can be plugged into any web application running in a standard Java servlet container, such as the popular open source Apache Tomcat server. The CORS filter does its job in a wholly transparent manner; no modifications to existing Java application code are required.

Configuration

The CORS filter can be run in the default policy mode (all origins allowed, credentials allowed), or it may be optionally configured to impose a specific access policy.

The configuration is specified using standard init-param elements in the web.xml descriptor file.

Available configuration parameters:

• cors.allowGenericHttpRequests
• cors.allowOrigin
• cors.supportedMethods
• cors.supportedHeaders
• cors.exposedHeaders
• cors.supportsCredentials
• cors.maxAge

HTTP request tagging

Each filtered HTTP request is tagged to provide optional CORS-related information to downstream handlers (other filters or the target resource).

Applied tags:

• cors.isCorsRequest
• cors.origin
• cors.requestType
• cors.requestHeaders

System requirements and dependencies

• Java 1.5+
• Java servlet container, conforming to version 2.5+ of the servlet API.
• PropertyUtil 1.4 - Utility library for typed retrieval of properties, developed in-house, included in the download package.

Source code

The CORS Filter source code, build script and demo code is included in the download package.

JavaDocs

Browse the CORS Filter JavaDocs.

Change log

• version 1.0 (2010-09-29)
  • First official release.
• version 1.1 (2010-10-10)
  • Tags CORS requests for downstream notification using HttpServletRequest.addAttribute().
• version 1.2 (2010-12-13)
  • Released under the Apache Open Source License 2.0.
• version 1.2.1 (2011-07-29)
  • Updates Property Util JAR to 1.4.
  • Updates documentation to reflect the latest W3C CORS terminology.
• version 1.3 (2011-12-02)
  • Fixes improper detection of actual HTTP OPTIONS CORS requests.
  • Updates Property Util JAR to 1.5.
• version 1.3.1 (2011-12-02)
  • Removes improper filter chain for preflight HTTP OPTIONS CORS requests.

[d]zhuvinov [s]oftware

JsWorld Online demo Quick start Use cases Library design and features Numeric formatting Currency formatting Date/time formatting Parsing Supported locales

JSON-RPC 2.0 Overview Base Java classes Interactive shell Server Client Tips and tricks

CORS Filter Overview Installation Configuration Request tagging Specification Tips and tricks

Nimbus SRP Overview Usage Tools Specification

Software Overview About + Contact Download

Copyright © Vladimir Dzhuvinov, 2008 - 2012

[ software.dzhuvinov.com ]