001 package org.cumulus4j.keymanager.back.shared; 002 003 import java.io.IOException; 004 005 import javax.servlet.Filter; 006 import javax.servlet.FilterChain; 007 import javax.servlet.FilterConfig; 008 import javax.servlet.ServletException; 009 import javax.servlet.ServletRequest; 010 import javax.servlet.ServletResponse; 011 import javax.servlet.http.HttpServletResponse; 012 013 /** 014 * A filter adding headers to allow JavaScript clients to avoid 015 * the same origin policy. 016 * @author Marc Klinger - mklinger[at]nightlabs[dot]de 017 */ 018 public class AjaxHeadersFilter implements Filter { 019 020 @Override 021 public void init(final FilterConfig filterConfig) throws ServletException { 022 } 023 024 @Override 025 public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { 026 if (response instanceof HttpServletResponse) { 027 final HttpServletResponse r = (HttpServletResponse) response; 028 r.setHeader("Allow-Control-Allow-Methods", "POST,PUT,GET,OPTIONS"); 029 r.setHeader("Access-Control-Allow-Credentials", "true"); 030 r.setHeader("Access-Control-Allow-Origin", "*"); 031 r.setHeader("Access-Control-Allow-Headers", "Content-Type,Accept,Authorization"); 032 } 033 chain.doFilter(request, response); 034 } 035 036 @Override 037 public void destroy() { 038 } 039 }