Added proper headers for cross-origin resource sharing (CORS) with Ajax

Previously, when responding to Ajax requests, elasticsearch did not send proper headers for
cross-origin resource sharing (CORS) -- see issues #828, #2186.

With this commit, Ajax requests should be working. Example:

    jQuery.ajax({
      url: "http://localhost:9200/_search",
      type: "POST",
      contentType: 'application/json; charset=UTF-8',
      success: function(data) { console.log(data) }
    });

See:

* http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
* http://www.w3.org/TR/cors/#access-control-allow-headers-response-header

Closes #2186, fixes #828
This commit is contained in:
Karel Minarik 2012-09-06 09:07:18 +02:00 committed by Shay Banon
parent f2db8eaca2
commit f659cad8d6
1 changed files with 4 additions and 4 deletions

View File

@ -73,13 +73,13 @@ public class NettyHttpChannel implements HttpChannel {
resp = new DefaultHttpResponse(HttpVersion.HTTP_1_1, status); resp = new DefaultHttpResponse(HttpVersion.HTTP_1_1, status);
} }
if (RestUtils.isBrowser(request.getHeader(HttpHeaders.Names.USER_AGENT))) { if (RestUtils.isBrowser(request.getHeader(HttpHeaders.Names.USER_AGENT))) {
// add support for cross origin // Add support for cross-origin Ajax requests (CORS)
resp.addHeader("Access-Control-Allow-Origin", "*"); resp.addHeader("Access-Control-Allow-Origin", "*");
if (request.getMethod() == HttpMethod.OPTIONS) { if (request.getMethod() == HttpMethod.OPTIONS) {
// also add more access control parameters // Allow Ajax requests based on the CORS "preflight" request
resp.addHeader("Access-Control-Max-Age", 1728000); resp.addHeader("Access-Control-Max-Age", 1728000);
resp.addHeader("Access-Control-Allow-Methods", "PUT, DELETE"); resp.addHeader("Access-Control-Allow-Methods", "OPTIONS, HEAD, GET, POST, PUT, DELETE");
resp.addHeader("Access-Control-Allow-Headers", "X-Requested-With"); resp.addHeader("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Content-Length");
} }
} }