flashingcursor/1 web.xml

## 1 web.xml
<init-param>
    <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
    <param-value>com.domandtom.api.web.security.ResponseCorsFilter</param-value>
</init-param>

## 2 java
package com.domandtom.api.web.security;

import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;

import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;

public class ResponseCorsFilter implements ContainerResponseFilter {

    @Override
    public ContainerResponse filter(ContainerRequest req, ContainerResponse contResp) {

        ResponseBuilder resp = Response.fromResponse(contResp.getResponse());
        resp.header("Access-Control-Allow-Origin", "*")
                .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS");

        String reqHead = req.getHeaderValue("Access-Control-Request-Headers");

        if(null != reqHead && !reqHead.equals("")){
            resp.header("Access-Control-Allow-Headers", reqHead);
        }

        contResp.setResponse(resp.build());
            return contResp;
    }

}

## 3 jquery.iecors.js
// dkastner/jquery.iecors

(function( jQuery ) {
  // Create the request object
  // (This is still attached to ajaxSettings for backward compatibility)
  jQuery.ajaxSettings.xdr = function() {
    return (window.XDomainRequest ? new window.XDomainRequest() : null);
  };

  // Determine support properties
  (function( xdr ) {
    jQuery.extend( jQuery.support, { iecors: !!xdr });
  })( jQuery.ajaxSettings.xdr() );

  // Create transport if the browser can provide an xdr
  if ( jQuery.support.iecors ) {

    jQuery.ajaxTransport(function( s ) {
      var callback;

      return {
        send: function( headers, complete ) {
          var xdr = s.xdr();

          xdr.onload = function() {
            var headers = { 'Content-Type': xdr.contentType };
            complete(200, 'OK', { text: xdr.responseText }, headers);
          };

          // Apply custom fields if provided
  				if ( s.xhrFields ) {
            xhr.onerror = s.xhrFields.error;
            xhr.ontimeout = s.xhrFields.timeout;
					}

          xdr.open( s.type, s.url );

          // XDR has no method for setting headers O_o

          xdr.send( ( s.hasContent && s.data ) || null );
        },

        abort: function() {
          xdr.abort();
        }
      };
    });
  }
})( jQuery );

## 4 index.html
<!--[if lt IE 10]>
<script src="scripts/jquery.iecors.js"></script>
<![endif]-->

<script>
$.ajax({

  // The 'type' property sets the HTTP method.
  // A value of 'PUT' or 'DELETE' will trigger a preflight request.
  type: 'GET',

  // The URL to make the request to.
  url: 'http://api.wheelsup.com',

  // The 'contentType' property sets the 'Content-Type' header.
  // The JQuery default for this property is
  // 'application/x-www-form-urlencoded; charset=UTF-8', which does not trigger
  // a preflight. If you set this value to anything other than
  // application/x-www-form-urlencoded, multipart/form-data, or text/plain,
  // you will trigger a preflight request.
  contentType: 'text/plain',

  xhrFields: {
    // The 'xhrFields' property sets additional fields on the XMLHttpRequest.
    // This can be used to set the 'withCredentials' property.
    // Set the value to 'true' if you'd like to pass cookies to the server.
    // If this is enabled, your server must respond with the header
    // 'Access-Control-Allow-Credentials: true'.
    withCredentials: false
  },

  headers: {
    // Set any custom headers here.
    // If you set any non-simple headers, your server must include these
    // headers in the 'Access-Control-Allow-Headers' response header.
  },

  success: function() {
    // Here's where you handle a successful response.
  },

  error: function() {
    // Here's where you handle an error response.
    // Note that if the error was due to a CORS issue,
    // this function will still fire, but there won't be any additional
    // information about the error.
  }
});
</script>
	<init-param>
	<param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
	<param-value>com.domandtom.api.web.security.ResponseCorsFilter</param-value>
	</init-param>
	package com.domandtom.api.web.security;

	import javax.ws.rs.core.Response;
	import javax.ws.rs.core.Response.ResponseBuilder;

	import com.sun.jersey.spi.container.ContainerRequest;
	import com.sun.jersey.spi.container.ContainerResponse;
	import com.sun.jersey.spi.container.ContainerResponseFilter;

	public class ResponseCorsFilter implements ContainerResponseFilter {

	@Override
	public ContainerResponse filter(ContainerRequest req, ContainerResponse contResp) {

	ResponseBuilder resp = Response.fromResponse(contResp.getResponse());
	resp.header("Access-Control-Allow-Origin", "*")
	.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS");

	String reqHead = req.getHeaderValue("Access-Control-Request-Headers");

	if(null != reqHead && !reqHead.equals("")){
	resp.header("Access-Control-Allow-Headers", reqHead);
	}

	contResp.setResponse(resp.build());
	return contResp;
	}

	}
	// dkastner/jquery.iecors

	(function( jQuery ) {
	// Create the request object
	// (This is still attached to ajaxSettings for backward compatibility)
	jQuery.ajaxSettings.xdr = function() {
	return (window.XDomainRequest ? new window.XDomainRequest() : null);
	};

	// Determine support properties
	(function( xdr ) {
	jQuery.extend( jQuery.support, { iecors: !!xdr });
	})( jQuery.ajaxSettings.xdr() );

	// Create transport if the browser can provide an xdr
	if ( jQuery.support.iecors ) {

	jQuery.ajaxTransport(function( s ) {
	var callback;

	return {
	send: function( headers, complete ) {
	var xdr = s.xdr();

	xdr.onload = function() {
	var headers = { 'Content-Type': xdr.contentType };
	complete(200, 'OK', { text: xdr.responseText }, headers);
	};

	// Apply custom fields if provided
	if ( s.xhrFields ) {
	xhr.onerror = s.xhrFields.error;
	xhr.ontimeout = s.xhrFields.timeout;
	}

	xdr.open( s.type, s.url );

	// XDR has no method for setting headers O_o

	xdr.send( ( s.hasContent && s.data ) \|\| null );
	},

	abort: function() {
	xdr.abort();
	}
	};
	});
	}
	})( jQuery );
	<!--[if lt IE 10]>
	<script src="scripts/jquery.iecors.js"></script>
	<![endif]-->

	<script>
	$.ajax({

	// The 'type' property sets the HTTP method.
	// A value of 'PUT' or 'DELETE' will trigger a preflight request.
	type: 'GET',

	// The URL to make the request to.
	url: 'http://api.wheelsup.com',

	// The 'contentType' property sets the 'Content-Type' header.
	// The JQuery default for this property is
	// 'application/x-www-form-urlencoded; charset=UTF-8', which does not trigger
	// a preflight. If you set this value to anything other than
	// application/x-www-form-urlencoded, multipart/form-data, or text/plain,
	// you will trigger a preflight request.
	contentType: 'text/plain',

	xhrFields: {
	// The 'xhrFields' property sets additional fields on the XMLHttpRequest.
	// This can be used to set the 'withCredentials' property.
	// Set the value to 'true' if you'd like to pass cookies to the server.
	// If this is enabled, your server must respond with the header
	// 'Access-Control-Allow-Credentials: true'.
	withCredentials: false
	},

	headers: {
	// Set any custom headers here.
	// If you set any non-simple headers, your server must include these
	// headers in the 'Access-Control-Allow-Headers' response header.
	},

	success: function() {
	// Here's where you handle a successful response.
	},

	error: function() {
	// Here's where you handle an error response.
	// Note that if the error was due to a CORS issue,
	// this function will still fire, but there won't be any additional
	// information about the error.
	}
	});
	</script>