GWT Restlet cross domain Put request

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

GWT Restlet cross domain Put request

Larry
Hi there

I have read extensively about (SOP) Same Origin Policy and the issues in the Browser.
I can successfully execute cross domain gets by setting the headers in the server to allow the request (Access-Control-Allow-Origin", "*").

The question is, are there different headers to allow post and put?
I can not get these methods to work using Restlet GWT, are these methods supported.

If so, can someone point me to an  example of GWT calling cross domain put/post, I have searched for example with no luck.

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3068652
Reply | Threaded
Open this post in threaded view
|

Re: GWT Restlet cross domain Put request

Thierry Boileau-4
Hello,

>I can not get these methods to work using Restlet GWT, are these methods supported.
yes, these methods are supported.
I've never tested such method in a cross-domain context.

Best eregards,
Thierry Boileau


2013/11/18 Larry <[hidden email]>
Hi there

I have read extensively about (SOP) Same Origin Policy and the issues in the Browser.
I can successfully execute cross domain gets by setting the headers in the server to allow the request (Access-Control-Allow-Origin", "*").

The question is, are there different headers to allow post and put?
I can not get these methods to work using Restlet GWT, are these methods supported.

If so, can someone point me to an  example of GWT calling cross domain put/post, I have searched for example with no luck.

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3068652

Reply | Threaded
Open this post in threaded view
|

RE: GWT Restlet cross domain Put request

Andy Dennie
In reply to this post by Larry
When the browser sends the OPTIONS pre-flight request, the server needs to respond with a Access-Control-Allow-Methods header indicating which methods are supported for CORS requests.

I'm doing something like this (hopefully the formatting won't get mangled...):

        Series<Header> requestHeaders = (Series<Header>)
                request.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS);
        if (request.getMethod() == Method.OPTIONS &&
                requestHeaders.getFirstValue("Access-Control-Request-Method", true) != null) {
            // this is a pre-flight request.  Set the Access-Control-Allow-Methods header to reflect
            // the methods allowed on this resource
            addCustomResponseHeader(response, "Access-Control-Allow-Methods",
                    MethodWriter.write(response.getAllowedMethods()));


where addCustomResponseHeader looks like:

    private void addCustomResponseHeader(final Response response, final String header, final String value) {
        Series<Header> responseHeaders = (Series<Header>)
                response.getAttributes().get(HeaderConstants.ATTRIBUTE_HEADERS);
        if (responseHeaders == null) {
            responseHeaders = new Series(Header.class);
            response.getAttributes().put(HeaderConstants.ATTRIBUTE_HEADERS,
                    responseHeaders);
        }
        responseHeaders.add(new Header(header, value));
    }

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3070119