/* * Copyright 2016-2019 Fraunhofer AISEC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * $$\ $$\ $$\ $$\ * $$ | $$ |\__| $$ | * $$$$$$$\ $$ | $$$$$$\ $$\ $$\ $$$$$$$ |$$\ $$$$$$\ $$$$$$\ $$$$$$\ * $$ _____|$$ |$$ __$$\ $$ | $$ |$$ __$$ |$$ |\_$$ _| $$ __$$\ $$ __$$\ * $$ / $$ |$$ / $$ |$$ | $$ |$$ / $$ |$$ | $$ | $$ / $$ |$$ | \__| * $$ | $$ |$$ | $$ |$$ | $$ |$$ | $$ |$$ | $$ |$$\ $$ | $$ |$$ | * \$$$$$$\ $$ |\$$$$$ |\$$$$$ |\$$$$$$ |$$ | \$$$ |\$$$$$ |$$ | * \_______|\__| \______/ \______/ \_______|\__| \____/ \______/ \__| * * This file is part of Clouditor Community Edition. */ package io.clouditor.rest; import io.clouditor.Component; import javax.annotation.Priority; import javax.inject.Inject; import javax.ws.rs.Priorities; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerResponseContext; import javax.ws.rs.container.ContainerResponseFilter; import javax.ws.rs.core.MultivaluedMap; /** * This filter adds Cross-Origin Resource Sharing (CORS) headers to each response. 
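*
 * <p>The value of {@code Access-Control-Allow-Origin} is not hard-coded: it is read from
 * {@link Component#getAPIAllowedOrigin()} on every response. The allowed methods and request
 * headers are fixed.
 *
 * <p>Security note: a configured origin of {@code *} lets scripts served from any website read the
 * responses to requests they are able to make. Because {@code Authorization} is an allowed request
 * header, deployments should configure the specific origin of the UI instead of the wildcard.
 *
 * @author Christian Banse
 */
@Priority(Priorities.HEADER_DECORATOR)
public class CORSResponseFilter implements ContainerResponseFilter {

  /** Injected component that supplies the configured allowed origin. */
  @Inject private Component component;

  /**
   * Sets the CORS response headers on the outgoing response.
   *
   * <p>Each header is written with {@code putSingle}, so a value set earlier in the response chain
   * is replaced rather than appended to. Browsers fail the CORS check when {@code
   * Access-Control-Allow-Origin} carries more than one value, so this keeps the policy emitted
   * here the only one on the response.
   *
   * @param requestContext the request being answered; not read by this filter
   * @param responseContext the response whose headers are decorated
   */
  @Override
  public void filter(
      ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
    // The origin is whatever the component is configured with; it is "everywhere" only if that
    // configuration is the wildcard.
    Object allowedOrigin = component.getAPIAllowedOrigin();

    if (allowedOrigin == null) {
      // Fail closed: without a configured origin no CORS headers are sent, so browsers keep
      // enforcing the same-origin policy.
      // NOTE(review): whether getAPIAllowedOrigin() can return null is not visible here - confirm.
      return;
    }

    MultivaluedMap<String, Object> headers = responseContext.getHeaders();

    // Replace instead of append, so exactly one value per CORS header reaches the client.
    headers.putSingle("Access-Control-Allow-Origin", allowedOrigin);
    headers.putSingle("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");
    headers.putSingle("Access-Control-Allow-Headers", "Authorization,Content-Type");
  }
}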