Added CorsFilter to enable secure cross site scripting This is in addition to Ed's original Cors Filter changes. Default Cors Config doesnt seem to work in certain scenarios. Added some custom configurations and also added it per-bundle (started with Flow & i will add it to other bundles once this is verified). Also, by default AngularJS like frameworks uses HTTP OPTIONS method to check for server options and that doesnt carry authentication headers. Hence in order for the cors to work properly, we have to ignore authentication for OPTIONS method alone. This is taken care in the web.xml configuration for all the northbound bundle. See: http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter And: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing This is done to allow a web page using javascript to be able to make calls to our REST APIs even though it does not originate in our domain. Added CorsFilter bundle in Third Party to bring in the class as a Fragment on the org.apache.catalina bundle. Added CorsFilter to the web/root web.xml file so it will be used for all WebApps. Fixed the northbound integration tests Change-Id: I29435c5820613982ef691e03a1d446bc7f958537 Signed-off-by: Madhu Venugopal <vmadhu@cisco.com>
Reverting because it caused instability to the northbound, wondering why verify didn't catch those. Revert "Added CorsFilter to enable secure cross site scripting" This reverts commit 8cbcc63bbb004b50c66ce3c65d0b8d7943c8ffac Change-Id: I41e292b91dfff6c7ceefe33f92f63c081ca2e499
Added CorsFilter to enable secure cross site scripting This is in addition to Ed's original Cors Filter changes. Default Cors Config doesnt seem to work in certain scenarios. Added some custom configurations and also added it per-bundle (started with Flow & i will add it to other bundles once this is verified). Also, by default AngularJS like frameworks uses HTTP OPTIONS method to check for server options and that doesnt carry authentication headers. Hence in order for the cors to work properly, we have to ignore authentication for OPTIONS method alone. This is taken care in the web.xml configuration for all the northbound bundle. See: http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter And: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing This is done to allow a web page using javascript to be able to make calls to our REST APIs even though it does not originate in our domain. Added CorsFilter bundle in Third Party to bring in the class as a Fragment on the org.apache.catalina bundle. Added CorsFilter to the web/root web.xml file so it will be used for all WebApps. Change-Id: I5fc6a53f2046816984fab722b841730c0eee396a Signed-off-by: Madhu Venugopal <vmadhu@cisco.com>