@@ -63,6 +63,7 @@ public class Ajax extends GQuery { | |||
String getType(); | |||
String getUrl(); | |||
String getUsername(); | |||
boolean getWithCredentials(); | |||
Settings setContentType(String t); | |||
Settings setContext(Element e); | |||
Settings setData(Object p); | |||
@@ -76,6 +77,7 @@ public class Ajax extends GQuery { | |||
Settings setType(String t); | |||
Settings setUrl(String u); | |||
Settings setUsername(String u); | |||
Settings setWithCredentials(boolean b); | |||
} | |||
public static final Class<Ajax> Ajax = registerPlugin(Ajax.class, new Plugin<Ajax>() { |
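Review bot: The new `getWithCredentials()` / `setWithCredentials(boolean b)` pair on `Settings` is undocumented, although it decides whether cookies and HTTP authentication are attached to cross-origin requests. I would add a comment on the setter such as `// Send cookies/HTTP auth on cross-origin requests; the server must answer with Access-Control-Allow-Credentials: true and a non-wildcard Access-Control-Allow-Origin.` It is also worth stating the value used when the setting is never set (presumably `false`, not visible here), so callers know they must opt in. The `Settings` interface starts outside these hunks.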
@@ -120,7 +120,7 @@ public class PromiseReqBuilder extends DeferredPromiseImpl implements RequestCal | |||
// Using gQuery to set credentials since this method was added in 2.5.1 | |||
// xmlHttpRequest.setWithCredentials(true); | |||
JsUtils.prop(xmlHttpRequest, "withCredentials", true); | |||
JsUtils.prop(xmlHttpRequest, "withCredentials", settings.getWithCredentials()); | |||
final Request request = createRequestVltr(xmlHttpRequest, settings.getTimeout(), this); | |||
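Review bot: The two comment lines above the changed `JsUtils.prop(...)` call still describe the old behaviour, and the commented-out `// xmlHttpRequest.setWithCredentials(true);` shows a hard-coded `true`. I would change it to `// xmlHttpRequest.setWithCredentials(settings.getWithCredentials());` so the comment matches the code. Because the property was unconditionally `true` before, callers that depend on cookies being sent cross-origin will presumably stop sending them until they call `setWithCredentials(true)`. That is the safer default, but it is a behaviour change that deserves a line in the release notes. The enclosing method and any condition guarding this call are outside the hunk.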
@@ -168,8 +168,13 @@ public class AjaxTransportJre implements AjaxTransport { | |||
} | |||
int code = c.getResponseCode(); | |||
if (isCORS && !localDomain.equals(c.getHeaderField("Access-Control-Allow-Origin"))) { | |||
code = 0; | |||
if (isCORS) { | |||
if (!localDomain.equals(c.getHeaderField("Access-Control-Allow-Origin"))) { | |||
code = 0; | |||
} | |||
if (s.getWithCredentials() && c.getHeaderField("Access-Control-Allow-Credentials") == null) { | |||
code = 0; | |||
} | |||
} | |||
BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream())); |
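Review bot: The credentials check in the new `if (isCORS)` block accepts any value of `Access-Control-Allow-Credentials`, because it only tests the header for `null`. A response carrying `Access-Control-Allow-Credentials: false` would be let through. Browsers honour only the exact value `true`, so the JRE transport should compare the value: `if (s.getWithCredentials() && !"true".equals(c.getHeaderField("Access-Control-Allow-Credentials"))) {`. Without that, JVM-side tests can pass against a server configuration that a real browser would reject. The enclosing method starts and ends outside the hunk.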
@@ -49,6 +49,7 @@ public class AjaxTestJre extends AjaxTests { | |||
echoUrl = localDomain + "/" + servletPath; | |||
echoUrlCORS = corsDomain + "/" + servletPath + "?cors=true"; | |||
startWebServer(port); | |||
} | |||
@@ -15,6 +15,8 @@ | |||
*/ | |||
package com.google.gwt.query.client.ajax; | |||
import junit.framework.Assert; | |||
import com.google.gwt.http.client.Response; | |||
import com.google.gwt.junit.DoNotRunWith; | |||
import com.google.gwt.junit.Platform; | |||
@@ -119,7 +121,49 @@ public abstract class AjaxTests extends GWTTestCase { | |||
.setData(jsonGET) | |||
.setDataType("json"); | |||
performAjaxJsonTest_CORS(s); | |||
performAjaxJsonTest_CORS(s) | |||
.done(new Function() { | |||
public void f() { | |||
Response r = arguments(3); | |||
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Origin")); | |||
Assert.assertNull(r.getHeader("Access-Control-Allow-Credentials")); | |||
} | |||
}); | |||
} | |||
@DoNotRunWith(Platform.HtmlUnitBug) | |||
public void testAjaxJsonGet_CORS_WithCredentials_Supported() { | |||
Settings s = Ajax.createSettings() | |||
.setType("get") | |||
// Enable credentials in servlet | |||
.setUrl(echoUrlCORS + "&credentials=true") | |||
.setData(jsonGET) | |||
.setDataType("json") | |||
.setWithCredentials(true); | |||
performAjaxJsonTest_CORS(s) | |||
.done(new Function() { | |||
public void f() { | |||
Response r = arguments(3); | |||
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Origin")); | |||
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Credentials")); | |||
} | |||
}); | |||
} | |||
@DoNotRunWith(Platform.HtmlUnitBug) | |||
public void testAjaxJsonGet_CORS_WithCredentials_Unsupported() { | |||
Settings s = Ajax.createSettings() | |||
.setType("get") | |||
// Disable credentials in servlet | |||
.setUrl(echoUrlCORS) | |||
.setData(jsonGET) | |||
.setDataType("json") | |||
.setWithCredentials(true); | |||
Ajax.ajax(s) | |||
.fail(finishFunction) | |||
.done(failFunction); | |||
} | |||
public void testAjaxGetJsonP() { |
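Review bot: `testAjaxJsonGet_CORS_WithCredentials_Unsupported` calls `Ajax.ajax(s)` directly, and no `delayTestFinish(...)` is visible in its body. If `performAjaxJsonTest_CORS` is where the other tests switch into asynchronous mode (not visible here), this test returns before `finishFunction` or `failFunction` runs. It would then never verify that a credentialed request is rejected when the server does not opt in. I would make `delayTestFinish(<timeout used by the other tests>);` the first statement of the method. The `_Supported` test could also pin the exact header value with `Assert.assertEquals("true", r.getHeader("Access-Control-Allow-Credentials"));` rather than `assertNotNull`.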
@@ -61,7 +61,9 @@ public class GQAjaxTestServlet extends HttpServlet { | |||
String origin = req.getHeader("Origin"); | |||
if ("true".equals(req.getParameter("cors")) && origin != null) { | |||
resp.addHeader("Access-Control-Allow-Origin", origin); | |||
resp.addHeader("Access-Control-Allow-Credentials", "true"); | |||
if ("true".equals(req.getParameter("credentials"))) { | |||
resp.addHeader("Access-Control-Allow-Credentials", "true"); | |||
} | |||
String method = req.getHeader("Access-Control-Request-Method"); | |||
if (method != null) { | |||
resp.addHeader("Access-Control-Allow-Methods", method); |
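Review bot: The servlet copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` and, with `credentials=true`, adds `Access-Control-Allow-Credentials: true` next to it. That combination allows any origin to read credentialed responses. It is acceptable for a test fixture, but nothing in the code says it is test-only. I would add a comment above the `if ("true".equals(req.getParameter("cors")) ...` line such as `// Test-only: reflects any Origin, optionally with credentials. Production code must match Origin against an allow-list.` The enclosing method starts and ends outside the hunk.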