diff --git a/src/main/java/com/commafeed/frontend/InterceptingFilter.java b/src/main/java/com/commafeed/frontend/InterceptingFilter.java
new file mode 100644
index 00000000..b92e3473
--- /dev/null
+++ b/src/main/java/com/commafeed/frontend/InterceptingFilter.java
@@ -0,0 +1,53 @@
+package com.commafeed.frontend;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletResponse;
+
+@WebFilter(urlPatterns = "/*")
+public class InterceptingFilter implements Filter {
+
+ private static final String HEADER_CORS = "Access-Control-Allow-Origin";
+ private static final String HEADER_CORS_VALUE = "*";
+ private static final String HEADER_CORS_METHODS = "Access-Control-Allow-Methods";
+ private static final String HEADER_CORS_METHODS_VALUE = "POST, GET, OPTIONS";
+ private static final String HEADER_CORS_MAXAGE = "Access-Control-Max-Age";
+ private static final String HEADER_CORS_MAXAGE_VALUE = "2592000";
+ private static final String HEADER_CORS_ALLOW_HEADERS = "Access-Control-Allow-Headers";
+ private static final String HEADER_CORS_ALLOW_HEADERS_VALUE = "Authorization";
+ private static final String HEADER_CORS_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
+ private static final String HEADER_CORS_ALLOW_CREDENTIALS_VALUE = "true";
+
+ private static final String HEADER_X_UA_COMPATIBLE = "X-UA-Compatible";
+ private static final String HEADER_X_UA_COMPATIBLE_VALUE = "IE=Edge,chrome=1";
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ HttpServletResponse resp = (HttpServletResponse) response;
+ resp.addHeader(HEADER_CORS, HEADER_CORS_VALUE);
+ resp.addHeader(HEADER_CORS_METHODS, HEADER_CORS_METHODS_VALUE);
+ resp.addHeader(HEADER_CORS_MAXAGE, HEADER_CORS_MAXAGE_VALUE);
+ resp.addHeader(HEADER_CORS_ALLOW_HEADERS, HEADER_CORS_ALLOW_HEADERS_VALUE);
+ resp.addHeader(HEADER_CORS_ALLOW_CREDENTIALS, HEADER_CORS_ALLOW_CREDENTIALS_VALUE);
+
+ resp.addHeader(HEADER_X_UA_COMPATIBLE, HEADER_X_UA_COMPATIBLE_VALUE);
+
+ chain.doFilter(request, response);
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+}
diff --git a/src/main/java/com/commafeed/frontend/rest/JsonProvider.java b/src/main/java/com/commafeed/frontend/rest/JsonProvider.java
index 9021777a..7f7d26b8 100644
--- a/src/main/java/com/commafeed/frontend/rest/JsonProvider.java
+++ b/src/main/java/com/commafeed/frontend/rest/JsonProvider.java
@@ -19,18 +19,6 @@ public class JsonProvider extends JacksonJsonProvider {
 private static final String CONTENT_TYPE_VALUE_SUFFIX = ";charset=UTF-8";
 private static final String CACHE_CONTROL_VALUE = "no-cache";
- private static final String HEADER_CORS = "Access-Control-Allow-Origin";
- private static final String HEADER_CORS_VALUE = "*";
- private static final String HEADER_CORS_METHODS = "Access-Control-Allow-Methods";
- private static final String HEADER_CORS_METHODS_VALUE = "POST, GET, OPTIONS";
- private static final String HEADER_CORS_MAXAGE = "Access-Control-Max-Age";
- private static final String HEADER_CORS_MAXAGE_VALUE = "2592000";
- private static final String HEADER_CORS_ALLOW_HEADERS = "Access-Control-Allow-Headers";
- private static final String HEADER_CORS_ALLOW_HEADERS_VALUE = "Authorization";
-
- private static final String HEADER_X_UA_COMPATIBLE = "X-UA-Compatible";
- private static final String HEADER_X_UA_COMPATIBLE_VALUE = "IE=Edge,chrome=1";
-
 @Override
 public void writeTo(Object value, Class type, Type genericType, Annotation[] annotations, MediaType mediaType, MultivaluedMap httpHeaders, OutputStream entityStream) throws IOException {
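Review bot: In `InterceptingFilter.doFilter`, `Access-Control-Allow-Credentials: true` is now sent together with `Access-Control-Allow-Origin: *` on every path (`/*`), a combination browsers refuse for credentialed requests, so the new header grants nothing as written. The risk lies in the likely follow-up: making it work by echoing the request's `Origin` would let any site read authenticated responses using the user's session. If cross-origin callers authenticate only with an explicit `Authorization` header, drop `resp.addHeader(HEADER_CORS_ALLOW_CREDENTIALS, HEADER_CORS_ALLOW_CREDENTIALS_VALUE);` and its two constants; if cookies are genuinely needed, compare `Origin` against a configured allow-list, echo only a match, and add `Vary: Origin`. The filter also widens these headers from JSON responses (the removed `JsonProvider.writeTo` code) to every resource, so a class-level comment stating that this scope is intended would help the next reader.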
@@ -39,13 +27,6 @@ public class JsonProvider extends JacksonJsonProvider {
 httpHeaders.putSingle(HttpHeaders.CACHE_CONTROL, CACHE_CONTROL_VALUE);
 httpHeaders.putSingle(HttpHeaders.PRAGMA, CACHE_CONTROL_VALUE);
- httpHeaders.putSingle(HEADER_CORS, HEADER_CORS_VALUE);
- httpHeaders.putSingle(HEADER_CORS_METHODS, HEADER_CORS_METHODS_VALUE);
- httpHeaders.putSingle(HEADER_CORS_MAXAGE, HEADER_CORS_MAXAGE_VALUE);
- httpHeaders.putSingle(HEADER_CORS_ALLOW_HEADERS, HEADER_CORS_ALLOW_HEADERS_VALUE);
-
- httpHeaders.putSingle(HEADER_X_UA_COMPATIBLE, HEADER_X_UA_COMPATIBLE_VALUE);
-
 super.writeTo(value, type, genericType, annotations, mediaType, httpHeaders, entityStream);
 }