This gist relates to AEROGEAR-534, https://issues.jboss.org/browse/AEROGEAR-534
I created a node.js server that handles CORS and jsonp for my testing
###Cross Domain Support
To do cross domain request, i've modified aerogear.js a bit.
I've added a new settings variable, settings.crossdomain, that can be mixed. If set to true, it will default to CORS, to override to jsonp set settings.crossdomain.type = "jsonp"
var pipeline = AeroGear.Pipeline();
jsonp = pipeline.add( {
name: "jsonp",
settings: {
baseURL: "http://localhost:8080",
endpoint: "/",
crossdomain: {
type: "jsonp",
jsonp: "jsonp" //this is optional and will default to callback, jquery default
}
}
});
cors = pipeline.add( {
name: "cors",
settings: {
baseURL: "http://localhost:8080",
endpoint: "/",
crossdomain: true
}
});
If the user wants to use CORS, settings.crossdomain = true, but there browser doesn't support CORS, then AeroGear.Ajax will fallback to jsonp
###CORS
since IE9 doesn't use the same thing as the rest of the browser world, i add in a small lib, https://github.com/jaubourg/ajaxHooks, in the external/ actually just the xdr.js file
Although i haven't actually tested that it works
###AeroGear.Ajax
The majority of the changes happen in the AeroGear.Ajax function
Here is the commit for this
https://github.com/lholmquist/aerogear-js/commit/d3d3ecaac1d2648f37d66b46f7e776029b2a3517
At the moment the only overridable options in the crossdomain object are jsonp related. I guess this would be the place to add CORS options, if we wanted to
Interestingly enough, if you don't specify any of the new settings, CORS will work, if the server supports it, out of the box.
This is my simple node.js server
var express = require( "express" );
var app = express();
app.all( "/", function(request,response) {
// When dealing with CORS (Cross-Origin Resource Sharing)
// requests, the client should pass-through its origin (the
// requesting domain). We should either echo that or use *
// if the origin was not passed.
var origin = (request.headers.origin || "*");
// Check to see if this is a security check by the browser to
// test the availability of the API for the client. If the
// method is OPTIONS, the browser is check to see to see what
// HTTP methods (and properties) have been granted to the
// client.
if (request.method.toUpperCase() === "OPTIONS"){
// Echo back the Origin (calling domain) so that the
// client is granted access to make subsequent requests
// to the API.
response.status( 204 );
response.header(
{
"access-control-allow-origin": origin,
"access-control-allow-methods": "GET, PUT, DELETE, OPTIONS",
"access-control-allow-headers": "content-type, accept",
"access-control-max-age": 10, // Seconds.
"content-length": 0
}
);
}
// End the response - we're not sending back any content.
response.status( 200 );
response.header(
{
"access-control-allow-origin": origin,
"content-type": "application/json"
}
);
var callback = request.query.callback || request.query.jsonp;
if( callback ) {
response.send( callback + "({response:'stuff'})");
} else {
response.send( {response:'stuff'});
}
});
app.listen( 8080 );
// Debugging:
console.log( "Node.js listening on port 8080" );
The doc says
to override to jsonp set settings.crossdomain.type = "jsonp"the code has:
is the
jsonp: "jsonp"a typo? (kinda confusing to see type and jsonp set to "jsonp")IE9