Merge pull request vert-x3#256 from FlamingTuri/master

fixed nopreflight.html, improved Server.java and preflight.html implementation

Author: pmlopes

web-examples/src/main/java/io/vertx/example/web/cors/.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+end_of_line = lf
+insert_final_newline = true

web-examples/src/main/java/io/vertx/example/web/cors/Server.java

@@ -3,15 +3,19 @@
 import io.vertx.core.AbstractVerticle;
 import io.vertx.core.MultiMap;
 import io.vertx.core.http.HttpMethod;
+import io.vertx.core.http.HttpServerResponse;
 import io.vertx.example.util.Runner;
 import io.vertx.ext.web.Router;
 import io.vertx.ext.web.handler.CorsHandler;
 import io.vertx.ext.web.handler.StaticHandler;
 
 import java.util.Map;
+import java.util.HashSet;
+import java.util.Set;
 
 /*
  * @author <a href="mailto:[email protected]">Paulo Lopes</a>
+ * reviewed by: Giacomo Venturini mail: [email protected]"
  */
 public class Server extends AbstractVerticle {
 
@@ -25,38 +29,50 @@ public void start() throws Exception {
 
     Router router = Router.router(vertx);
 
-    router.route().handler(CorsHandler.create("*")
-      .allowedMethod(HttpMethod.GET)
-      .allowedMethod(HttpMethod.POST)
-      .allowedMethod(HttpMethod.OPTIONS)
-      .allowedHeader("X-PINGARUNER")
-      .allowedHeader("Content-Type"));
+    Set<String> allowedHeaders = new HashSet<>();
+    allowedHeaders.add("x-requested-with");
+    allowedHeaders.add("Access-Control-Allow-Origin");
+    allowedHeaders.add("origin");
+    allowedHeaders.add("Content-Type");
+    allowedHeaders.add("accept");
+    allowedHeaders.add("X-PINGARUNER");
+
+    Set<HttpMethod> allowedMethods = new HashSet<>();
+    allowedMethods.add(HttpMethod.GET);
+    allowedMethods.add(HttpMethod.POST);
+    allowedMethods.add(HttpMethod.OPTIONS);
+    /*
+     * these methods aren't necessary for this sample, 
+     * but you may need them for your projects
+     */
+    allowedMethods.add(HttpMethod.DELETE);
+    allowedMethods.add(HttpMethod.PATCH);
+    allowedMethods.add(HttpMethod.PUT);
+
+    router.route().handler(CorsHandler.create("*").allowedHeaders(allowedHeaders).allowedMethods(allowedMethods));
 
     router.get("/access-control-with-get").handler(ctx -> {
-
-      ctx.response().setChunked(true);
-
+      HttpServerResponse httpServerResponse = ctx.response();
+      httpServerResponse.setChunked(true);
       MultiMap headers = ctx.request().headers();
       for (String key : headers.names()) {
-        ctx.response().write(key);
-        ctx.response().write(headers.get(key));
-        ctx.response().write("\n");
+        httpServerResponse.write(key + ": ");
+        httpServerResponse.write(headers.get(key));
+        httpServerResponse.write("<br>");
       }
-
-      ctx.response().end();
+      httpServerResponse.putHeader("Content-Type", "application/text").end("Success");
     });
 
     router.post("/access-control-with-post-preflight").handler(ctx -> {
-      ctx.response().setChunked(true);
-
+      HttpServerResponse httpServerResponse = ctx.response();
+      httpServerResponse.setChunked(true);
       MultiMap headers = ctx.request().headers();
       for (String key : headers.names()) {
-        ctx.response().write(key);
-        ctx.response().write(headers.get(key));
-        ctx.response().write("\n");
+        httpServerResponse.write(key + ": ");
+        httpServerResponse.write(headers.get(key));
+        httpServerResponse.write("<br>");
       }
-
-      ctx.response().end();
+      httpServerResponse.putHeader("Content-Type", "application/text").end("Success");
     });
 
     // Serve the static resources

web-examples/src/main/java/io/vertx/example/web/cors/webroot/nopreflight.html

@@ -2,65 +2,41 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
-    <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title>
-    <script type="text/javascript">
-        //<![CDATA[
+<title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title>
+<script type="text/javascript">
+	var url = 'http://localhost:8080/access-control-with-get/';
 
-        var invocation = new XMLHttpRequest();
-        var url = 'http://localhost:8080/access-control-with-get/';
-        var invocationHistoryText;
-
-        function callOtherDomain(){
-            if(invocation)
-            {
-                invocation.open('GET', url, true);
-                invocation.onreadystatechange = handler;
-                invocation.send();
-            }
-            else
-            {
-                invocationHistoryText = "No Invocation TookPlace At All";
-                var textNode = document.createTextNode(invocationHistoryText);
-                var textDiv = document.getElementById("textDiv");
-                textDiv.appendChild(textNode);
-            }
-
-        }
-        function handler(evtXHR)
-        {
-            if (invocation.readyState == 4)
-            {
-                if (invocation.status == 200)
-                {
-                    var response = invocation.responseXML;
-                    var invocationHistory = response.getElementsByTagName('invocationHistory').item(0).firstChild.data;
-                    invocationHistoryText = document.createTextNode(invocationHistory);
-                    var textDiv = document.getElementById("textDiv");
-                    textDiv.appendChild(invocationHistoryText);
-
-                }
-                else
-                    alert("Invocation Errors Occured");
-            }
-            else
-                dump("currently the application is at" + invocation.readyState);
-        }
-        //]]>
-
-
-    </script>
+	function callOtherDomain() {
+		var xhttp = new XMLHttpRequest();
+		xhttp.onreadystatechange = function() {
+			if (this.readyState == 4 && this.status == 200) {
+				var e = document.createElement('p');
+				e.innerHTML = xhttp.responseText;
+				document.getElementById("textDiv").appendChild(e);
+			} else {
+				console.log("XMLHttpRequest readyState:" + this.readyState
+						+ " status: " + this.status);
+			}
+		};
+		xhttp.open("GET", url, true);
+		xhttp.send();
+	}
+</script>
 </head>
 <body>
-<form id="controlsToInvoke" action="">
-    <p>
-        <input type="button" value="Click to Invoke Another Site" onclick="callOtherDomain()" />
-    </p>
-</form>
-<p id="intro">
-    This page basically makes invocations to another domain using cross-site XMLHttpRequest mitigated by Access Control.  This is the simple scenario that is <em>NOT</em> preflighted, and the invocation to a resource on another domain takes place using a simple HTTP GET.
-</p>
-<div id="textDiv">
-    This XHTML document invokes another resource using cross-site XHR.
-</div>
+	<form id="controlsToInvoke" action="">
+		<p>
+			<input type="button" value="Click to Invoke Another Site"
+				onclick="callOtherDomain()" />
+		</p>
+	</form>
+	<p id="intro">
+		This page basically makes invocations to another domain using
+		cross-site XMLHttpRequest mitigated by Access Control. This is the
+		simple scenario that is <em>NOT</em> preflighted, and the invocation
+		to a resource on another domain takes place using a simple HTTP GET.
+	</p>
+	<div id="textDiv">This XHTML document invokes another resource
+		using cross-site XHR.</div>
 </body>
 </html>

web-examples/src/main/java/io/vertx/example/web/cors/webroot/preflight.html

@@ -2,73 +2,43 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
-    <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title>
-    <script type="text/javascript">
-        //<![CDATA[
+<title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title>
+<script type="text/javascript">
+	var url = 'http://localhost:8080/access-control-with-post-preflight/';
 
-        var invocation = new XMLHttpRequest();
-        var url = 'http://localhost:8080/access-control-with-post-preflight/';
-        var invocationHistoryText;
-        var body = '<?xml version="1.0"?><person><name>Arun</name></person>';
-
-        function callOtherDomain(){
-            if(invocation)
-            {
-                invocation.open('POST', url, true);
-                invocation.setRequestHeader('X-PINGARUNER', 'pingpong');
-                invocation.setRequestHeader('Content-Type',
-                        'application/xml');
-                invocation.onreadystatechange = handler;
-                invocation.send(body);
-            }
-            else
-            {
-                invocationHistoryText = "No Invocation TookPlace At All";
-                var textNode = document.createTextNode(invocationHistoryText);
-                var textDiv = document.getElementById("textDiv");
-                textDiv.appendChild(textNode);
-            }
-
-        }
-        function handler(evtXHR)
-        {
-            if (invocation.readyState == 4)
-            {
-                if (invocation.status == 200)
-                {
-                    var response = invocation.responseText;
-                    //var invocationHistory = response.getElementsByTagName('invocationHistory').item(0).firstChild.data;
-                    invocationHistoryText = document.createTextNode(response);
-                    var textDiv = document.getElementById("textDiv");
-                    textDiv.appendChild(invocationHistoryText);
-
-                }
-                else
-                {
-                    alert("Invocation Errors Occured " + invocation.readyState + " and the status is " + invocation.status);
-                }
-            }
-            else
-            {
-                dump("currently the application is at" + invocation.readyState);
-            }
-        }
-        //]]>
-
-
-    </script>
+	function callOtherDomain() {
+		var xhttp = new XMLHttpRequest();
+		xhttp.onreadystatechange = function() {
+			if (this.readyState == 4 && this.status == 200) {
+				var e = document.createElement('p');
+				e.innerHTML = xhttp.responseText;
+				document.getElementById("textDiv").appendChild(e);
+			} else {
+				console.log("XMLHttpRequest readyState:" + this.readyState
+						+ " status: " + this.status);
+			}
+		};
+		xhttp.open("POST", url, true);
+		xhttp.setRequestHeader('X-PINGARUNER', 'pingpong');
+		xhttp.setRequestHeader('Content-Type', 'application/text');
+		xhttp.send();
+	}
+</script>
 </head>
 <body>
-<form id="controlsToInvoke" action="">
-    <p>
-        <input type="button" value="Click to Invoke Another Site" onclick="callOtherDomain()" />
-    </p>
-</form>
-<p id="intro">
-    This page POSTs XML data to another domain using cross-site XMLHttpRequest mitigated by Access Control.  This is the preflight scenario and the invocation to a resource on another domain takes place using first an OPTIONS request, then an actual POST request.
-</p>
-<div id="textDiv">
-    This XHTML document POSTs to another resource using cross-site XHR.  If you get a response back, the content of that response should reflect what you POSTed.
-</div>
+	<form id="controlsToInvoke" action="">
+		<p>
+			<input type="button" value="Click to Invoke Another Site"
+				onclick="callOtherDomain()" />
+		</p>
+	</form>
+	<p id="intro">This page POSTs XML data to another domain using
+		cross-site XMLHttpRequest mitigated by Access Control. This is the
+		preflight scenario and the invocation to a resource on another domain
+		takes place using first an OPTIONS request, then an actual POST
+		request.</p>
+	<div id="textDiv">This XHTML document POSTs to another resource
+		using cross-site XHR. If you get a response back, the content of that
+		response should reflect what you POSTed.</div>
 </body>
 </html>