Code Review / controller.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: aa50ec1) | patch
Added CorsFilter to enable secure cross site scripting 45/945/3
authorMadhu Venugopal <vmadhu@cisco.com>
Wed, 28 Aug 2013 05:26:13 +0000 (22:26 -0700)
committerMadhu Venugopal <vmadhu@cisco.com>
Wed, 28 Aug 2013 05:26:13 +0000 (22:26 -0700)
commit8cbcc63bbb004b50c66ce3c65d0b8d7943c8ffac
tree58262219d6f1cf8771399c9e6f6af3e5ba1eea22tree | snapshot
parentaa50ec153cd932a46bb117398a5e4b49df712958commit | diff
Added CorsFilter to enable secure cross site scripting

This is in addition to Ed's original Cors Filter changes. Default Cors Config
doesnt seem to work in certain scenarios. Added some custom configurations
and also added it per-bundle (started with Flow & i will add it to other bundles
once this is verified).

Also, by default AngularJS like frameworks uses HTTP OPTIONS method to check for
server options and that doesnt carry authentication headers. Hence in order for
the cors to work properly, we have to ignore authentication for OPTIONS method
alone. This is taken care in the web.xml configuration for all the northbound
bundle.

See: http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter
And: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
This is done to allow a web page using javascript to be able to make calls
to our REST APIs even though it does not originate in our domain.

Added CorsFilter bundle in Third Party to bring in the class as a Fragment
on the org.apache.catalina bundle.

Added CorsFilter to the web/root web.xml file so it will be used for
all WebApps.

Change-Id: I5fc6a53f2046816984fab722b841730c0eee396a
Signed-off-by: Madhu Venugopal <vmadhu@cisco.com>
24 files changed:
opendaylight/distribution/opendaylight/pom.xml diff | blob | history
opendaylight/northbound/flowprogrammer/pom.xml diff | blob | history
opendaylight/northbound/flowprogrammer/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/hosttracker/pom.xml diff | blob | history
opendaylight/northbound/hosttracker/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/networkconfiguration/bridgedomain/pom.xml diff | blob | history
opendaylight/northbound/networkconfiguration/bridgedomain/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/staticrouting/pom.xml diff | blob | history
opendaylight/northbound/staticrouting/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/statistics/pom.xml diff | blob | history
opendaylight/northbound/statistics/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/subnets/pom.xml diff | blob | history
opendaylight/northbound/subnets/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/switchmanager/pom.xml diff | blob | history
opendaylight/northbound/switchmanager/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/northbound/topology/pom.xml diff | blob | history
opendaylight/northbound/topology/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/samples/northbound/loadbalancer/pom.xml diff | blob | history
opendaylight/samples/northbound/loadbalancer/src/main/resources/WEB-INF/web.xml diff | blob | history
opendaylight/web/root/pom.xml diff | blob | history
opendaylight/web/root/src/main/resources/WEB-INF/web.xml diff | blob | history
third-party/org.apache.catalina.filters.CorsFilter/README [new file with mode: 0644] blob
third-party/org.apache.catalina.filters.CorsFilter/pom.xml [new file with mode: 0644] blob
third-party/org.apache.catalina.filters.CorsFilter/src/main/java/org/apache/catalina/filters/CorsFilter.java [new file with mode: 0644] blob
OpenDaylight controller