CORS

Today I added Cross Origin Resource Sharing headers (Access-Control-Allow-Origin: *) to the DAS Registry both for the responses to requests for example http://www.dasregistry.org/das/sources and to the testing of other DAS sources in the registry.  This means that JavaScript based DAS clients will not need to go via a proxy to send requests to DAS servers residing on a different server/domain to the one the client is running on. Currently JSDAS has to run through a proxy, a php one if in the standard download or the one the registry uses is a java based one with code like this:

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

String urlString=request.getParameter(“url”);
response.setHeader(“Content-Type”, “text/xml”);
//        response.setContentType(“text/xml”);
urlString=urlString.replace(” “,”+”);
//System.out.println(“urlString=”+urlString);
URLConnection connection = new URL(urlString).openConnection();

String contentEncoding = connection.getHeaderField(“Content-Encoding”);//should be”Content-Encoding”,”ISO-8859-1″)
//System.out.println(“content type=”+contentEncoding);
//if (contentType.startsWith(“text”)) {
//String charset = “ISO-8859-1”;//this encoding is what the registry uses so must be set here to override default;
//System.out.println(“charset=”+charset);
BufferedReader reader = null;
PrintWriter writer=response.getWriter();
try {
reader = new BufferedReader(new InputStreamReader( connection.getInputStream(), contentEncoding));
for (String line; (line = reader.readLine()) != null;) {
writer.println(line);
//System.out.println(line);
}
} finally {
if (reader != null) try { reader.close(); } catch (IOException logOrIgnore) {}
}

reader.close();
writer.flush();
writer.close();

//}

}  // end of main

http://dev.w3.org/2006/waf/access-control/  states:

“defines a mechanism to enable client-side cross-origin requests. Specifications that enable an API to make cross-origin requests to resources can use the algorithms defined by this specification. If such an API is used on http://example.org resources, a resource on http://hello-world.example can opt in using the mechanism described by this specification (e.g., specifying Access-Control-Allow-Origin: http://example.org as response header), which would allow that resource to be fetched cross-origin from http://example.org.”

I guess this is only supported in later versions of Firefox and safari….??

another useful link about this is here: http://saltybeagle.com/2009/09/cross-origin-resource-sharing-demo/

Advertisements
    • thomasd
    • July 21st, 2010

    The browser support isn’t too bad. Firefox has supported this since 3.5, and webkit browsers similarly, so I doubt there are many Mozilla or Webkit-based browsers still in the wild which won’t do this.

    IE8+ also supports this, but you have to use the new XDomainRequest API instead of XMLHttpRequest, which is a bit of pain. I’m hoping they might fix this in IE9.

    • Have you got some example code to handle varying browser support and cors support? Would be really good to have something here or on biodas.org to get people started?

        • thomasd
        • July 21st, 2010

        This is what I’m using at the moment (NB. as far as I can tell, IE doesn’t support credentialed CORS yet)

      • Thanks Thomas!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: