
@flashingcursor
Last active December 25, 2015 01:39
Jersey API and jQuery CORS (Cross Origin Resource Sharing) for IE8+
<!-- Registers ResponseCorsFilter as a Jersey container response filter, so its
     CORS headers are added by the servlet that carries this init-param.
     NOTE(review): presumably this sits inside the Jersey <servlet> definition
     in web.xml; confirm against the deployment descriptor. -->
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
<param-value>com.domandtom.api.web.security.ResponseCorsFilter</param-value>
</init-param>
package com.domandtom.api.web.security;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;
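/**
 * Jersey container response filter that adds CORS headers to every response
 * it is applied to.
 *
 * <p>Security notes for anyone reusing this filter:
 * <ul>
 *   <li>{@code Access-Control-Allow-Origin: *} lets script on any origin read
 *       the response. Browsers do not attach credentials to wildcard
 *       responses, so this is only appropriate for data that is meant to be
 *       public. An API that relies on cookies, HTTP auth or network location
 *       should answer with an explicit allow-list of origins instead.</li>
 *   <li>{@code Access-Control-Request-Headers} is client-controlled. It is
 *       echoed back only when it is a well-formed list of header names;
 *       consider replacing the echo with a fixed list of the headers the API
 *       actually accepts.</li>
 * </ul>
 */
public class ResponseCorsFilter implements ContainerResponseFilter {

    /**
     * Matches a comma-separated list of HTTP header-name tokens. Values that do
     * not match (empty, control characters, other separators) are not reflected
     * into the response.
     */
    private static final java.util.regex.Pattern HEADER_NAME_LIST =
            java.util.regex.Pattern.compile(
                    "[!#$%&'*+.^_`|~0-9A-Za-z-]+(?:[ \\t]*,[ \\t]*[!#$%&'*+.^_`|~0-9A-Za-z-]+)*");

    /**
     * Rebuilds the outgoing response with CORS headers added.
     *
     * @param req      the incoming request; only its
     *                 {@code Access-Control-Request-Headers} value is read
     * @param contResp the response being filtered; its wrapped response is replaced
     * @return the same {@code contResp} instance, now carrying the CORS headers
     */
    @Override
    public ContainerResponse filter(ContainerRequest req, ContainerResponse contResp) {
        ResponseBuilder resp = Response.fromResponse(contResp.getResponse());
        resp.header("Access-Control-Allow-Origin", "*")
            .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS");

        String reqHead = req.getHeaderValue("Access-Control-Request-Headers");
        // Reflect the requested headers only when the value is a plain list of
        // header names; never copy arbitrary request data into a response header.
        if (reqHead != null && HEADER_NAME_LIST.matcher(reqHead).matches()) {
            resp.header("Access-Control-Allow-Headers", reqHead)
                // The response now depends on this request header, so caches
                // must key on it.
                .header("Vary", "Access-Control-Request-Headers");
        }

        contResp.setResponse(resp.build());
        return contResp;
    }
}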
// dkastner/jquery.iecors
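/*
 * jQuery ajax transport backed by XDomainRequest, for browsers that expose
 * window.XDomainRequest.
 *
 * Limits worth knowing before relying on it: XDR cannot set request headers
 * and does not send cookies or other credentials, so it only suits endpoints
 * that serve data without header- or session-based authentication.
 */
(function( jQuery ) {
  // Create the request object
  // (This is still attached to ajaxSettings for backward compatibility)
  jQuery.ajaxSettings.xdr = function() {
    return (window.XDomainRequest ? new window.XDomainRequest() : null);
  };

  // Determine support properties
  (function( xdr ) {
    jQuery.extend( jQuery.support, { iecors: !!xdr });
  })( jQuery.ajaxSettings.xdr() );

  // Create transport if the browser can provide an xdr
  if ( jQuery.support.iecors ) {
    jQuery.ajaxTransport(function( s ) {
      // Declared here so that both send() and abort() see the same request
      // object; previously it was local to send() and abort() threw a
      // ReferenceError.
      var xdr;

      return {
        send: function( headers, complete ) {
          xdr = s.xdr();

          xdr.onload = function() {
            var responseHeaders = { 'Content-Type': xdr.contentType };
            complete(200, 'OK', { text: xdr.responseText }, responseHeaders);
          };

          // Apply custom fields if provided.
          // These were assigned to an undefined `xhr`, which threw as soon as
          // the caller passed xhrFields.
          if ( s.xhrFields ) {
            xdr.onerror = s.xhrFields.error;
            xdr.ontimeout = s.xhrFields.timeout;
          }

          xdr.open( s.type, s.url );

          // XDR has no method for setting headers O_o
          xdr.send( ( s.hasContent && s.data ) || null );
        },

        abort: function() {
          // abort() may be called before send() has created the request
          if ( xdr ) {
            xdr.abort();
          }
        }
      };
    });
  }
})( jQuery );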
<!--[if lt IE 10]>
<script src="scripts/jquery.iecors.js"></script>
<![endif]-->
<script>
// Example cross-origin request. The comments below describe which settings
// cause the browser to send a CORS preflight and what the server must answer.
$.ajax({
// The 'type' property sets the HTTP method.
// A value of 'PUT' or 'DELETE' will trigger a preflight request.
type: 'GET',
// The URL to make the request to.
// NOTE(review): this is a plain-http URL, so the request and the response
// travel unencrypted and can be read or altered in transit; prefer https
// where the API offers it (TODO confirm the endpoint supports it).
url: 'http://api.wheelsup.com',
// The 'contentType' property sets the 'Content-Type' header.
// The JQuery default for this property is
// 'application/x-www-form-urlencoded; charset=UTF-8', which does not trigger
// a preflight. If you set this value to anything other than
// application/x-www-form-urlencoded, multipart/form-data, or text/plain,
// you will trigger a preflight request.
contentType: 'text/plain',
xhrFields: {
// The 'xhrFields' property sets additional fields on the XMLHttpRequest.
// This can be used to set the 'withCredentials' property.
// Set the value to 'true' if you'd like to pass cookies to the server.
// If this is enabled, your server must respond with the header
// 'Access-Control-Allow-Credentials: true'.
// It must then also name the exact requesting origin in
// 'Access-Control-Allow-Origin'; browsers reject the wildcard '*' on
// credentialed requests.
withCredentials: false
},
headers: {
// Set any custom headers here.
// If you set any non-simple headers, your server must include these
// headers in the 'Access-Control-Allow-Headers' response header.
},
success: function() {
// Here's where you handle a successful response.
},
error: function() {
// Here's where you handle an error response.
// Note that if the error was due to a CORS issue,
// this function will still fire, but there won't be any additional
// information about the error.
}
});
</script>