From 8370a22ce717708117c2fffbe270e35784d1cd21 Mon Sep 17 00:00:00 2001 From: Patrick Werner Date: Thu, 24 Aug 2017 16:01:19 +0200 Subject: [PATCH 1/2] fixed CORS PreFlight --- hapi-fhir-jpaserver-example/src/main/webapp/WEB-INF/web.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hapi-fhir-jpaserver-example/src/main/webapp/WEB-INF/web.xml b/hapi-fhir-jpaserver-example/src/main/webapp/WEB-INF/web.xml index 39d8f8970a3..4bba1d9adc6 100644 --- a/hapi-fhir-jpaserver-example/src/main/webapp/WEB-INF/web.xml +++ b/hapi-fhir-jpaserver-example/src/main/webapp/WEB-INF/web.xml @@ -76,7 +76,7 @@ A comma separated list of allowed headers when making a non simple CORS request. cors.allowed.headers - X-FHIR-Starter,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers + X-FHIR-Starter,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,Prefer A comma separated list non-standard response headers that will be exposed to XHR2 object. From 03c2633ae29dc1796ea3bc52211ce98a5653ddb5 Mon Sep 17 00:00:00 2001 From: Patrick Werner Date: Thu, 24 Aug 2017 16:03:36 +0200 Subject: [PATCH 2/2] fixed CORS PreFlight in HAPI CLI --- .../ca/uhn/fhir/jpa/demo/JpaServerDemo.java | 31 ++++++++++++------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/hapi-fhir-cli/hapi-fhir-cli-jpaserver/src/main/java/ca/uhn/fhir/jpa/demo/JpaServerDemo.java b/hapi-fhir-cli/hapi-fhir-cli-jpaserver/src/main/java/ca/uhn/fhir/jpa/demo/JpaServerDemo.java index 933acbaa1d7..fe9a710d932 100644 --- a/hapi-fhir-cli/hapi-fhir-cli-jpaserver/src/main/java/ca/uhn/fhir/jpa/demo/JpaServerDemo.java +++ b/hapi-fhir-cli/hapi-fhir-cli-jpaserver/src/main/java/ca/uhn/fhir/jpa/demo/JpaServerDemo.java @@ -1,28 +1,36 @@ package ca.uhn.fhir.jpa.demo; -import java.util.*; - -import javax.servlet.ServletException; - -import org.springframework.web.context.ContextLoaderListener; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.cors.CorsConfiguration; - import ca.uhn.fhir.context.FhirContext; import ca.uhn.fhir.context.FhirVersionEnum; import ca.uhn.fhir.jpa.dao.DaoConfig; import ca.uhn.fhir.jpa.dao.IFhirSystemDao; import ca.uhn.fhir.jpa.provider.JpaConformanceProviderDstu2; import ca.uhn.fhir.jpa.provider.JpaSystemProviderDstu2; -import ca.uhn.fhir.jpa.provider.dstu3.*; -import ca.uhn.fhir.jpa.provider.r4.*; +import ca.uhn.fhir.jpa.provider.dstu3.JpaConformanceProviderDstu3; +import ca.uhn.fhir.jpa.provider.dstu3.JpaSystemProviderDstu3; +import ca.uhn.fhir.jpa.provider.dstu3.TerminologyUploaderProviderDstu3; +import ca.uhn.fhir.jpa.provider.r4.JpaConformanceProviderR4; +import ca.uhn.fhir.jpa.provider.r4.JpaSystemProviderR4; +import ca.uhn.fhir.jpa.provider.r4.TerminologyUploaderProviderR4; import ca.uhn.fhir.model.dstu2.composite.MetaDt; import ca.uhn.fhir.model.dstu2.resource.Bundle; import ca.uhn.fhir.narrative.DefaultThymeleafNarrativeGenerator; import ca.uhn.fhir.rest.api.EncodingEnum; -import ca.uhn.fhir.rest.server.*; +import ca.uhn.fhir.rest.server.ETagSupportEnum; +import ca.uhn.fhir.rest.server.FifoMemoryPagingProvider; +import ca.uhn.fhir.rest.server.IResourceProvider; +import ca.uhn.fhir.rest.server.RestfulServer; import ca.uhn.fhir.rest.server.interceptor.CorsInterceptor; import ca.uhn.fhir.rest.server.interceptor.IServerInterceptor; +import org.springframework.web.context.ContextLoaderListener; +import org.springframework.web.context.WebApplicationContext; +import org.springframework.web.cors.CorsConfiguration; + +import javax.servlet.ServletException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.List; public class JpaServerDemo extends RestfulServer { @@ -139,6 +147,7 @@ public class JpaServerDemo extends RestfulServer { config.addAllowedHeader("x-fhir-starter"); config.addAllowedHeader("Origin"); config.addAllowedHeader("Accept"); + config.addAllowedHeader("Prefer"); config.addAllowedHeader("X-Requested-With"); config.addAllowedHeader("Content-Type"); config.addAllowedHeader("Access-Control-Request-Method");