null
(which is the default), the server will return CORS (Cross Origin Resource Sharing) headers with the given domain string.
- *
- * A value of "*" indicates that the server allows access to all domains (which may be appropriate in development situations but is generally not appropriate in production)
- */
- public void setCorsAllowDomain(String theCorsAllowDomain) {
- myCorsAllowDomain = theCorsAllowDomain;
- }
/**
* Constructor
@@ -137,13 +123,6 @@ public class RestfulServer extends HttpServlet {
*/
public void addHeadersToResponse(HttpServletResponse theHttpResponse) {
theHttpResponse.addHeader("X-Powered-By", "HAPI FHIR " + VersionUtil.getVersion() + " RESTful Server");
-
- if (isNotBlank(myCorsAllowDomain)) {
- theHttpResponse.addHeader(Constants.HEADER_CORS_ALLOW_ORIGIN, myCorsAllowDomain);
- theHttpResponse.addHeader(Constants.HEADER_CORS_ALLOW_METHODS, Constants.HEADERVALUE_CORS_ALLOW_METHODS_ALL);
- theHttpResponse.addHeader(Constants.HEADER_CORS_EXPOSE_HEADERS, Constants.HEADER_CONTENT_LOCATION);
- }
-
}
private void assertProviderIsValid(Object theNext) throws ConfigurationException {
diff --git a/hapi-fhir-base/src/site/site.xml b/hapi-fhir-base/src/site/site.xml
index 1d36991a1cc..cd162df0422 100644
--- a/hapi-fhir-base/src/site/site.xml
+++ b/hapi-fhir-base/src/site/site.xml
@@ -67,6 +67,7 @@
+ If you are intending to support JavaScript clients in your server application,
+ you will need to enable Cross Origin Resource Sharing (CORS). There are
+ a number of ways of supporting this, but the easiest is to use a servlet filter.
+
+ The recommended filter for this purpose is the
+ eBay Open Sourced
+ CORS Filter (Licensed under
+ the Apache Software License 2.0).
+
+ To add CORS support using this library, there are two simple steps:
+
+ In your server WAR file, you must include the cors-filter-X.X.X.JAR
+ dependency. This dependency is included in the HAPI distribution.
+
+ If you are using Maven, this JAR is marked as optional so you will need to
+ explicitly include it in your project pom.xml using the following dependency:
+
+ In your web.xml file (within the WEB-INF directory in your WAR file), + the following filter definition adds the CORS filter, including support + for the X-FHIR-Starter header defined by SMART Platforms. +
+ + + +