Today I added Cross Origin Resource Sharing headers (Access-Control-Allow-Origin: *) to the DAS Registry both for the responses to requests for example and to the testing of other DAS sources in the registry.  This means that JavaScript based DAS clients will not need to go via a proxy to send requests to DAS servers residing on a different server/domain to the one the client is running on. Currently JSDAS has to run through a proxy, a php one if in the standard download or the one the registry uses is a java based one with code like this:

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

String urlString=request.getParameter(“url”);
response.setHeader(“Content-Type”, “text/xml”);
//        response.setContentType(“text/xml”);
urlString=urlString.replace(” “,”+”);
URLConnection connection = new URL(urlString).openConnection();

String contentEncoding = connection.getHeaderField(“Content-Encoding”);//should be”Content-Encoding”,”ISO-8859-1″)
//System.out.println(“content type=”+contentEncoding);
//if (contentType.startsWith(“text”)) {
//String charset = “ISO-8859-1”;//this encoding is what the registry uses so must be set here to override default;
BufferedReader reader = null;
PrintWriter writer=response.getWriter();
try {
reader = new BufferedReader(new InputStreamReader( connection.getInputStream(), contentEncoding));
for (String line; (line = reader.readLine()) != null;) {
} finally {
if (reader != null) try { reader.close(); } catch (IOException logOrIgnore) {}



}  // end of main  states:

“defines a mechanism to enable client-side cross-origin requests. Specifications that enable an API to make cross-origin requests to resources can use the algorithms defined by this specification. If such an API is used on resources, a resource on http://hello-world.example can opt in using the mechanism described by this specification (e.g., specifying Access-Control-Allow-Origin: as response header), which would allow that resource to be fetched cross-origin from”

I guess this is only supported in later versions of Firefox and safari….??

another useful link about this is here:

    • thomasd
    • July 21st, 2010

    The browser support isn’t too bad. Firefox has supported this since 3.5, and webkit browsers similarly, so I doubt there are many Mozilla or Webkit-based browsers still in the wild which won’t do this.

    IE8+ also supports this, but you have to use the new XDomainRequest API instead of XMLHttpRequest, which is a bit of pain. I’m hoping they might fix this in IE9.

    • Have you got some example code to handle varying browser support and cors support? Would be really good to have something here or on to get people started?

        • thomasd
        • July 21st, 2010

        This is what I’m using at the moment (NB. as far as I can tell, IE doesn’t support credentialed CORS yet)

      • Thanks Thomas!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: