Menu
▾
▴
Re: [Resteasy-users] @OPTIONS / allowing cross-site scripting
|
From: Rajshekhar A. <ran...@re...> - 2014-04-02 07:04:05
|
Andrew
The best option is to make an exception mapper for DefaultOptionsMethodException and add the CORS headers within the toResponse method of the mapper. For example:
@Provider
public class OptionsMethodExceptionMapper implements ExceptionMapper<DefaultOptionsMethodException>{
@Override
public Response toResponse(DefaultOptionsMethodException exception) {
Response.ResponseBuilder builder =Response.ok();
//..here add CORS to headers of the builder
return builder.build();
}
By doing this all your resources will have OPTIONS response with CORS headers.
Thanks
A.P. Rajshekhar
----- Original Message -----
From: "andrew simpson" <and...@gm...>
To: res...@li...
Sent: Tuesday, April 1, 2014 11:28:45 AM
Subject: [Resteasy-users] @OPTIONS / allowing cross-site scripting
I've hit a well-known problem with cross site scripting; I'd like to develop javascript locally, but using REST services hosted remotely
http://stackoverflow.com/questions/14589031/ajax-request-with-jax-rs-resteasy-implementing-cors
I've tried a number of ways of implementing an OPTIONS method that allows clients from other origins to collect, but none of them seem to work. I've tried curl to confirm with curl, but don't see the access-control-* headers returned; my suspicion is that the @path directives are somehow not matching my request.
Does anyone have a pointer to an example which works with a recent version of RestEasy (I'm using 3.0.6 and JBoss AS 7.1.1)
Thanks..
Andrew
|
