Code Review / controller.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 15c27b1) | patch
Added CorsFilter to enable secure cross site scripting 31/1031/1
authorMadhu Venugopal <vmadhu@cisco.com>
Wed, 28 Aug 2013 05:26:13 +0000 (22:26 -0700)
committerGiovanni Meo <gmeo@cisco.com>
Wed, 28 Aug 2013 09:59:05 +0000 (11:59 +0200)
commit2b4b6a40486a469d72f9421617a945fdca7fdf17
tree579ba3ffe91ac2337037a39003fee978407b2109tree | snapshot
parent15c27b1364f7538b39fe95ffdacf822e22c06e11commit | diff
Added CorsFilter to enable secure cross site scripting

This is in addition to Ed's original Cors Filter changes. Default Cors Config
doesnt seem to work in certain scenarios. Added some custom configurations
and also added it per-bundle (started with Flow & i will add it to other bundles
once this is verified).

Also, by default AngularJS like frameworks uses HTTP OPTIONS method to check for
server options and that doesnt carry authentication headers. Hence in order for
the cors to work properly, we have to ignore authentication for OPTIONS method
alone. This is taken care in the web.xml configuration for all the northbound
bundle.

See: http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
And: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
This is done to allow a web page using javascript to be able to make calls
to our REST APIs even though it does not originate in our domain.

Added CorsFilter bundle in Third Party to bring in the class as a Fragment
on the org.apache.catalina bundle.

Added CorsFilter to the web/root web.xml file so it will be used for
all WebApps.

Fixed the northbound integration tests

Change-Id: I29435c5820613982ef691e03a1d446bc7f958537
Signed-off-by: Madhu Venugopal <vmadhu@cisco.com>
25 files changed:
opendaylight/distribution/opendaylight/pom.xml diff | blob | history
opendaylight/northbound/flowprogrammer/pom.xml diff | blob | history
opendaylight/northbound/flowprogrammer/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/hosttracker/pom.xml diff | blob | history
opendaylight/northbound/hosttracker/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/integrationtest/src/test/java/org/opendaylight/controller/northbound/integrationtest/NorthboundIT.java diff | blob | history
opendaylight/northbound/networkconfiguration/bridgedomain/pom.xml diff | blob | history
opendaylight/northbound/networkconfiguration/bridgedomain/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/staticrouting/pom.xml diff | blob | history
opendaylight/northbound/staticrouting/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/statistics/pom.xml diff | blob | history
opendaylight/northbound/statistics/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/subnets/pom.xml diff | blob | history
opendaylight/northbound/subnets/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/switchmanager/pom.xml diff | blob | history
opendaylight/northbound/switchmanager/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/topology/pom.xml diff | blob | history
opendaylight/northbound/topology/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/samples/northbound/loadbalancer/pom.xml diff | blob | history
opendaylight/samples/northbound/loadbalancer/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/web/root/pom.xml diff | blob | history
opendaylight/web/root/src/main/resources/WEB-INF/web.xml diff | blob | history
third-party/org.apache.catalina.filters.CorsFilter/README [new file with mode: 0644] blob
third-party/org.apache.catalina.filters.CorsFilter/pom.xml [new file with mode: 0644] blob
third-party/org.apache.catalina.filters.CorsFilter/src/main/java/org/apache/catalina/filters/CorsFilter.java [new file with mode: 0644] blob
OpenDaylight controller