The new 2.5 release of the CORS Filter for handling cross-domain requests offers improved performance. This benefits Java web servers that handle lots of traffic, particularly situations when a significant proportion of that is invalid or unauthorised CORS requests. The improvement is achieved by using static (cached) exceptions within the filter. Here is an an […]
Category Archives: CORS
CORS Filter with automatic reconfiguration
Version 2.4 of the Java CORS Filter for handling cross-domain requests has added support for automatic reconfiguration. You can change your CORS policy at runtime without having to reload your web service or application. Kudos to Alexey Zvolinsky for contributing this cool new feature. Automatic reconfiguration is provided by a special variant of the CORS […]
CORS Filter 1.7 with more configuration options
The Java servet filter for enabling CORS (cross-domain) web applications received a major upgrade today. Up until now in order to change the out-of-the-box CORS configuration you had to add filter init-params in the web.xml descriptor of your application. A number of developers asked for alternative configuration means, such as specifying a properties file for […]
CORS Filter 1.6 supports any URI scheme
The Java CORS Filter for adding Cross-Origin Resource Sharing to existing web apps received an important update to permit any URI scheme, not just the ubiquitous http:// and https:// as originally supported. This change is in line with RFC 6454 which defines the concept of web origins. This means that now you can also service […]
Opera finally with CORS support
Opera was the last major browser to add support for handling cross-origin requests in its 12th version. The CORS protocol was devised several years ago by a W3C working group to allow for clean making of cross-domain XHR, without JSONp hacks. CORS was initially adopted by Firefox and Chrome, and was subsequently joined by the […]
CORS requests and cookies
Today I received a question regarding the Java CORS Filter and browser cookies: Does your filter take care about the sessions? For each CORS request I get a different JSESSIONID. My response was that in order for the Java web application or service to get at a cookie, both the CORS Filter in front of […]
CORS and HTTP 302 redirect responses
Earlier this week a user of the CORS Filter library asked why his browser app wasn’t able to connect to his web service despite it having Cross-Origin Resource Sharing (CORS) enabled. Investigation of the problem showed that his XHR was not landing on the CORS-enabled URL directly, but was being redirected to it through an […]
Easy LDAP user authentication over the web
AuthService is a simple web service software offered by Nimbus Directory Services. It can authenticate users against any LDAP directory using a web-friendly HTTP+JSON protocol. Where to use? AuthService can be used in any situation where you have to authenticate user credentials (login) over the web against an LDAP-compatible directory such as Microsoft Active Directory, […]
LDAP directory in the cloud
Json2Ldap hit the cloud this month. I’ve always wanted to put up an online demo for the JSON web service for LDAP directory access and this is reality now. If you visit the NimbusDS website you’ll see a new Json2Ldap demo page where you can play with three Ajax directory applications: Online employee directory: Presents […]
Detecting CORS support in a browser
I’m using the following JavaScript function to detect whether a browser has support for Cross-Origin Resource Sharing (CORS) XHR. function browserSupportsCors() { if (“withCredentials” in new XMLHttpRequest()) return true; else if (window.XDomainRequest) return true; else return false; } The XDomainRequest object is specific to IE 8 and IE9, other browsers, including IE 10, extend the […]