Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
CORS 6 Nov 2013 / 14 Nov 2013 Jared Ottley / Alfresco Software #SummitNow
CORS 6 Nov 2013 / 14 Nov 2013 Jared Ottley / Alfresco Software #SummitNow
3 What is CORS? Cross-Origin Resource Sharing • Cross Domain AJAX Calls • Implemented in Browser and Server #SummitNow #...
4 What Browsers Support CORS? 4.0+ 3.5+ 12.0+ 4.0+ Partial 8&9 10+ #SummitNow #SummitNow
5 How Does CORS Work? Nothing to implement in your javascript. The Browser & the Server do the heavy lifting. #SummitNow...
6 How Does CORS Work? OPTIONS Browser API Request #SummitNow #SummitNow
7 Example Code $.ajax ({ type: ”HTTP METHOD”, url: “Place to go to”, dataType: 'json’, async: false, data: '{}', beforeSe...
8 What About the Server Side? Alfresco does not ship with CORS support. Alfresco uses CORS as part of “Alfresco for Sale...
9 How to Enable CORS in Alfresco Add the following jars to WEB-INF/lib cors-filter java-property-utils Both can be found...
10 How to Enable CORS in Alfresco Modify WEB-INF/web.xml <filter> <filter-name>CORS</filter-name> <filter-class>com.thet...
11 How to Enable CORS in Alfresco What services will be called by your app? <filter-mapping> <filter-name>CORS</filter-n...
12 How to Enable CORS in Alfresco OPTIONS Browser Authentication API Request #SummitNow #SummitNow
13 How to Enable CORS in Alfresco Filter can be placed anywhere in web.xml However… Filter mapping MUST be before authe...
14 How to Enable CORS in Alfresco Place after Global Localization Filter but before CMIS security context cleaning filte...
15 Filter Configuration By default the CORS Filter will apply a "public access" CORS policy, allowing all cross-site requ...
16 Filter Configuration (cont.) cors.configurationFile properties file Setting the location using • System Property (-D) ...
17 Filter Configuration (cont.) Do not change the following defaults: • cors.allowGenericHttpRequests {true|false} defaul...
18 Filter Configuration (cont.) cors.allowOrigin {"*"|origin-list} defaults to * • Which calling domains are allowed? • e...
19 Filter Configuration (cont.) cors.allowSubdomains {true|false} defaults to false • Your application may run in a hoste...
20 Filter Configuration (cont.) cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS” cors.supported...
21 Filter Configuration (cont.) cors.exposedHeaders {header-list} defaults to empty list • Response headers limited to: C...
22 Demo #SummitNow #SummitNow
23 CORS Resources http://software.dzhuvinov.com/cors-filter.html https://bitbucket.org/thetransactioncompany/cors-filter ...
24 CORS Resources http://software.dzhuvinov.com/cors-filter.html https://bitbucket.org/thetransactioncompany/cors-filter ...
Upcoming SlideShare
Loading in …5
×

CORS - Enable Alfresco for CORS

5,531 views

Published on

Alfresco Summit Lightening Talk. What is CORS? How to enable Alfresco (Community, Enterprise) to allow CORS calls.

Published in: Technology
no profile picture user
  • Is Your Ex With a Woman? Don't lose your Ex boyfriend! This weird trick will get him back! ♥♥♥ http://ow.ly/mOLD301xGxr
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Just got my check for $500, Sometimes people don't believe me when I tell them about how much you can make taking paid surveys online... So I took a video of myself actually getting paid $500 for paid surveys to finally set the record straight. I'm not going to leave this video up for long, so check it out now before I take it down! ■■■ https://tinyurl.com/make2793amonth
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Discover a WEIRD trick I use to make over $3500 per month taking paid surveys online. read more...  https://tinyurl.com/make2793amonth
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Like to know how to take easy surveys and get huge checks - then you need to visit us now! Having so many paid surveys available to you all the time let you live the kind of life you want. learn more...★★★ https://tinyurl.com/make2793amonth
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • @Susmit Basu can you send me a copy of your modified web.xml file review? (first.last@alfresco.com)
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
Show More

CORS - Enable Alfresco for CORS

  1. 1. CORS 6 Nov 2013 / 14 Nov 2013 Jared Ottley / Alfresco Software #SummitNow
  2. 2. CORS 6 Nov 2013 / 14 Nov 2013 Jared Ottley / Alfresco Software #SummitNow
  3. 3. 3 What is CORS? Cross-Origin Resource Sharing • Cross Domain AJAX Calls • Implemented in Browser and Server #SummitNow #SummitNow
  4. 4. 4 What Browsers Support CORS? 4.0+ 3.5+ 12.0+ 4.0+ Partial 8&9 10+ #SummitNow #SummitNow
  5. 5. 5 How Does CORS Work? Nothing to implement in your javascript. The Browser & the Server do the heavy lifting. #SummitNow #SummitNow
  6. 6. 6 How Does CORS Work? OPTIONS Browser API Request #SummitNow #SummitNow
  7. 7. 7 Example Code $.ajax ({ type: ”HTTP METHOD”, url: “Place to go to”, dataType: 'json’, async: false, data: '{}', beforeSend: function (xhr){ xhr.setRequestHeader('Authorization', setAuthTokenHere() }, success: function (response){ //do something }, failure: function (response) { //do something } }); #SummitNow #SummitNow
  8. 8. 8 What About the Server Side? Alfresco does not ship with CORS support. Alfresco uses CORS as part of “Alfresco for Salesforce” to talk to Alfresco Cloud. #SummitNow #SummitNow
  9. 9. 9 How to Enable CORS in Alfresco Add the following jars to WEB-INF/lib cors-filter java-property-utils Both can be found at http://software.dzhuvinov.com/cors-filter.html #SummitNow #SummitNow
  10. 10. 10 How to Enable CORS in Alfresco Modify WEB-INF/web.xml <filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> </filter> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/service/*</url-pattern> </filter-mapping> #SummitNow #SummitNow
  11. 11. 11 How to Enable CORS in Alfresco What services will be called by your app? <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/service/*</url-pattern> <url-pattern>/cmisatom/*</url-pattern> <url-pattern>/cmisbrowser/*</url-pattern> </filter-mapping> #SummitNow #SummitNow
  12. 12. 12 How to Enable CORS in Alfresco OPTIONS Browser Authentication API Request #SummitNow #SummitNow
  13. 13. 13 How to Enable CORS in Alfresco Filter can be placed anywhere in web.xml However… Filter mapping MUST be before authentication filters #SummitNow #SummitNow
  14. 14. 14 How to Enable CORS in Alfresco Place after Global Localization Filter but before CMIS security context cleaning filter. • This is true for 4.2…but may not be true for other versions of Alfresco. • By rule BEFORE any security/authentication filters #SummitNow #SummitNow
  15. 15. 15 Filter Configuration By default the CORS Filter will apply a "public access" CORS policy, allowing all cross-site requests through (including credentials/cookies). Leaving the CORS Filter at this setting would actually be fine for most situations as CORS is not about adding server security; its primary intent is to protect the browser the legitimate JavaScript apps running in it and the user's confidential data, such as cookies. #SummitNow #SummitNow
  16. 16. 16 Filter Configuration (cont.) cors.configurationFile properties file Setting the location using • System Property (-D) • init-param Or Individual init-param #SummitNow #SummitNow
  17. 17. 17 Filter Configuration (cont.) Do not change the following defaults: • cors.allowGenericHttpRequests {true|false} defaults to true • cors.supportsCredentials {true|false} defaults to true. cors.maxAge {int} defaults to -1 (unspecified) • How long should pre-flight requests be cached. • Recommended value is 3600 (1 hour) #SummitNow #SummitNow
  18. 18. 18 Filter Configuration (cont.) cors.allowOrigin {"*"|origin-list} defaults to * • Which calling domains are allowed? • ex: http://alfresco.com https://www.alfresco.com • Returns 403 if the domain is not allowed #SummitNow #SummitNow
  19. 19. 19 Filter Configuration (cont.) cors.allowSubdomains {true|false} defaults to false • Your application may run in a hosted service where the subdomain is dynamically assigned ex. salesforce.com • ex. https://na14.salesforce.com #SummitNow #SummitNow
  20. 20. 20 Filter Configuration (cont.) cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS” cors.supportedHeaders {"*"|header-list} defaults to * • origin, authorization, accept #SummitNow #SummitNow
  21. 21. 21 Filter Configuration (cont.) cors.exposedHeaders {header-list} defaults to empty list • Response headers limited to: CacheControl, Content-Language, ContentType, Expires, Last-Modified Pragma • Add additional headers to be exposed #SummitNow #SummitNow
  22. 22. 22 Demo #SummitNow #SummitNow
  23. 23. 23 CORS Resources http://software.dzhuvinov.com/cors-filter.html https://bitbucket.org/thetransactioncompany/cors-filter http://www.w3.org/TR/cors/ http://en.wikipedia.org/wiki/Cross-origin_resource_sharing #SummitNow #SummitNow
  24. 24. 24 CORS Resources http://software.dzhuvinov.com/cors-filter.html https://bitbucket.org/thetransactioncompany/cors-filter http://www.w3.org/TR/cors/ http://en.wikipedia.org/wiki/Cross-origin_resource_sharing #SummitNow #SummitNow

×