honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

only add cross origin header if the request is coming from a browser

This commit is contained in:
Shay Banon 2011-07-30 23:44:27 +03:00
parent e6ee276926
commit 5e8a021405
2 changed files with 48 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
modules/elasticsearch/src/main/java/org/elasticsearch/http/HttpHelper.java Normal file
View File

@ -0,0 +1,38 @@
/*
* Licensed to Elastic Search and Shay Banon under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. Elastic Search licenses this
* file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.elasticsearch.http;
import org.elasticsearch.common.Nullable;
/**
*/
public class HttpHelper {
public static boolean isBrowser(@Nullable String userAgent) {
if (userAgent == null) {
return false;
}
// chrome, safari, firefox, ie
if (userAgent.startsWith("Mozilla")) {
return true;
}
return false;
}
}

17
modules/elasticsearch/src/main/java/org/elasticsearch/http/netty/NettyHttpChannel.java
View File

@ -36,6 +36,7 @@ import org.elasticsearch.common.netty.handler.codec.http.HttpVersion;
import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.http.HttpChannel; import org.elasticsearch.http.HttpChannel;
import org.elasticsearch.http.HttpException; import org.elasticsearch.http.HttpException;
import org.elasticsearch.http.HttpHelper;
import org.elasticsearch.rest.RestResponse; import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus; import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.rest.XContentRestResponse; import org.elasticsearch.rest.XContentRestResponse;
@ -77,13 +78,15 @@ public class NettyHttpChannel implements HttpChannel {
} else { } else {
resp = new DefaultHttpResponse(HttpVersion.HTTP_1_1, status); resp = new DefaultHttpResponse(HttpVersion.HTTP_1_1, status);
} }
// add support for cross origin if (HttpHelper.isBrowser(request.getHeader(HttpHeaders.Names.USER_AGENT))) {
resp.addHeader("Access-Control-Allow-Origin", "*"); // add support for cross origin
if (request.getMethod() == HttpMethod.OPTIONS) { resp.addHeader("Access-Control-Allow-Origin", "*");
// also add more access control parameters if (request.getMethod() == HttpMethod.OPTIONS) {
resp.addHeader("Access-Control-Max-Age", 1728000); // also add more access control parameters
resp.addHeader("Access-Control-Allow-Methods", "PUT, DELETE"); resp.addHeader("Access-Control-Max-Age", 1728000);
resp.addHeader("Access-Control-Allow-Headers", "X-Requested-With"); resp.addHeader("Access-Control-Allow-Methods", "PUT, DELETE");
resp.addHeader("Access-Control-Allow-Headers", "X-Requested-With");
}
} }
// Convert the response content to a ChannelBuffer. // Convert the response content to a ChannelBuffer.