001    package org.cumulus4j.keymanager.back.shared;
002    
003    import java.io.IOException;
004    
005    import javax.servlet.Filter;
006    import javax.servlet.FilterChain;
007    import javax.servlet.FilterConfig;
008    import javax.servlet.ServletException;
009    import javax.servlet.ServletRequest;
010    import javax.servlet.ServletResponse;
011    import javax.servlet.http.HttpServletResponse;
012    
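/**
 * A servlet filter that adds CORS response headers so that JavaScript clients
 * served from another origin can call this application despite the browser's
 * same origin policy.
 * <p>
 * The headers are fixed and are set on every HTTP response before the rest of
 * the filter chain runs; non-HTTP responses are passed through untouched.
 *
 * @author Marc Klinger - mklinger[at]nightlabs[dot]de
 */
public class AjaxHeadersFilter implements Filter {

    /**
     * Does nothing: this filter reads no configuration.
     *
     * @param filterConfig the container-supplied configuration (unused)
     */
    @Override
    public void init(final FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Sets the CORS headers on HTTP responses and then continues the chain.
     *
     * @param request the incoming request, passed on unchanged
     * @param response the response; headers are only added when it is an
     *        {@link HttpServletResponse}
     * @param chain the remaining filter chain, always invoked
     * @throws IOException if a later filter or the target resource throws it
     * @throws ServletException if a later filter or the target resource throws it
     */
    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            final HttpServletResponse r = (HttpServletResponse) response;

            // Browsers only honour the exact header name "Access-Control-Allow-Methods".
            // Under the misspelled name "Allow-Control-Allow-Methods" the list was ignored,
            // so preflighted methods such as PUT were not actually permitted.
            r.setHeader("Access-Control-Allow-Methods", "POST,PUT,GET,OPTIONS");

            // NOTE(review): "Access-Control-Allow-Origin: *" lets a script on any web site
            // read the responses of its non-credentialed requests. Browsers refuse the
            // wildcard for credentialed requests (cookies, HTTP auth, client certificates),
            // so the Allow-Credentials header below has no effect while the origin is "*".
            // If credentialed cross-origin access is required, compare the request's Origin
            // against an explicit allow-list of trusted origins, send only a matching value
            // together with "Vary: Origin", and never echo the Origin header unconditionally.
            r.setHeader("Access-Control-Allow-Credentials", "true");
            r.setHeader("Access-Control-Allow-Origin", "*");

            // "Authorization" is listed so that clients may send that request header
            // explicitly on cross-origin calls.
            r.setHeader("Access-Control-Allow-Headers", "Content-Type,Accept,Authorization");
        }
        chain.doFilter(request, response);
    }

    /** Does nothing: this filter holds no resources. */
    @Override
    public void destroy() {
    }
}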