Skip to content

Instantly share code, notes, and snippets.

@lholmquist
Created December 12, 2012 14:23
Show Gist options
  • Save lholmquist/4268092 to your computer and use it in GitHub Desktop.
Save lholmquist/4268092 to your computer and use it in GitHub Desktop.
Aerogear.js and Controller CORS

CORS with Aerogear.js and AG-Controller

2 things.

So when using aerogear.js to make a cross domain call,

var pipeline = AeroGear.Pipeline();
        cors = pipeline.add( {
            name: "cors",
            settings: {
                baseURL: "http://localhost:8080/aerogear-controller-demo/",
                endpoint: "login/"
            }
        });

        pipeline.pipes.cors.read({
            success: function( data, xhr, thing1 ) {
                console.log( data );
            },
            error: function( error ) {
                console.log( error );
            }
        });

the initial OPTIONS request looks similar to this. Request URL:http://localhost:8080/aerogear-controller-demo/login/

Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:origin, content-type, accept
Access-Control-Request-Method:GET
Cache-Control:max-age=0
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:8000
Pragma:no-cache
Referer:http://localhost:8000/app/cors.html
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11

I just copy and pasted this from chrome dev tools.

Here is what the CORS config looks like in the controller demo, for those who don't want to go look it up

@Produces
public CorsConfiguration demoConfig() {
    return CorsConfig.enableCorsSupport()
            .anyOrigin()
            .enableCookies()
            .maxAge(20)
            .enableAllRequestMethods()
            .build();
}

So the above request will fail since it has more headers than just "origin". This brings me to my first question:

How do i specify more headers in this config object?, i guess in this case it would be origin, content-type, and accept

Now to the second part

I modified my local aerogear-controller to add these other headers in by default, and then ran the above request again.

This time i get the same OPTIONS request but then i get a cross domain error with the follow up GET that the browser makes

Request URL:http://localhost:8080/aerogear-controller-demo/login/

Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Cache-Control:no-cache
Content-Type:application/json
Origin:http://localhost:8000
Pragma:no-cache
Referer:http://localhost:8000/app/cors.html
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11

And i don't get any errors on the server log, so not really sure whats going on here

This is the repo i was using to play around with https://github.com/lholmquist/WoWAerogear checkout the cors.html and cors.js page

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment