String getType(); | String getType(); | ||||
String getUrl(); | String getUrl(); | ||||
String getUsername(); | String getUsername(); | ||||
boolean getWithCredentials(); | |||||
Settings setContentType(String t); | Settings setContentType(String t); | ||||
Settings setContext(Element e); | Settings setContext(Element e); | ||||
Settings setData(Object p); | Settings setData(Object p); | ||||
Settings setType(String t); | Settings setType(String t); | ||||
Settings setUrl(String u); | Settings setUrl(String u); | ||||
Settings setUsername(String u); | Settings setUsername(String u); | ||||
Settings setWithCredentials(boolean b); | |||||
} | } | ||||
public static final Class<Ajax> Ajax = registerPlugin(Ajax.class, new Plugin<Ajax>() { | public static final Class<Ajax> Ajax = registerPlugin(Ajax.class, new Plugin<Ajax>() { |
// Using gQuery to set credentials since this method was added in 2.5.1 | // Using gQuery to set credentials since this method was added in 2.5.1 | ||||
// xmlHttpRequest.setWithCredentials(true); | // xmlHttpRequest.setWithCredentials(true); | ||||
JsUtils.prop(xmlHttpRequest, "withCredentials", true); | |||||
JsUtils.prop(xmlHttpRequest, "withCredentials", settings.getWithCredentials()); | |||||
final Request request = createRequestVltr(xmlHttpRequest, settings.getTimeout(), this); | final Request request = createRequestVltr(xmlHttpRequest, settings.getTimeout(), this); | ||||
} | } | ||||
int code = c.getResponseCode(); | int code = c.getResponseCode(); | ||||
if (isCORS && !localDomain.equals(c.getHeaderField("Access-Control-Allow-Origin"))) { | |||||
code = 0; | |||||
if (isCORS) { | |||||
if (!localDomain.equals(c.getHeaderField("Access-Control-Allow-Origin"))) { | |||||
code = 0; | |||||
} | |||||
if (s.getWithCredentials() && c.getHeaderField("Access-Control-Allow-Credentials") == null) { | |||||
code = 0; | |||||
} | |||||
} | } | ||||
BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream())); | BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream())); |
echoUrl = localDomain + "/" + servletPath; | echoUrl = localDomain + "/" + servletPath; | ||||
echoUrlCORS = corsDomain + "/" + servletPath + "?cors=true"; | echoUrlCORS = corsDomain + "/" + servletPath + "?cors=true"; | ||||
startWebServer(port); | startWebServer(port); | ||||
} | } | ||||
*/ | */ | ||||
package com.google.gwt.query.client.ajax; | package com.google.gwt.query.client.ajax; | ||||
import junit.framework.Assert; | |||||
import com.google.gwt.http.client.Response; | import com.google.gwt.http.client.Response; | ||||
import com.google.gwt.junit.DoNotRunWith; | import com.google.gwt.junit.DoNotRunWith; | ||||
import com.google.gwt.junit.Platform; | import com.google.gwt.junit.Platform; | ||||
.setData(jsonGET) | .setData(jsonGET) | ||||
.setDataType("json"); | .setDataType("json"); | ||||
performAjaxJsonTest_CORS(s); | |||||
performAjaxJsonTest_CORS(s) | |||||
.done(new Function() { | |||||
public void f() { | |||||
Response r = arguments(3); | |||||
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Origin")); | |||||
Assert.assertNull(r.getHeader("Access-Control-Allow-Credentials")); | |||||
} | |||||
}); | |||||
} | |||||
@DoNotRunWith(Platform.HtmlUnitBug) | |||||
public void testAjaxJsonGet_CORS_WithCredentials_Supported() { | |||||
Settings s = Ajax.createSettings() | |||||
.setType("get") | |||||
// Enable credentials in servlet | |||||
.setUrl(echoUrlCORS + "&credentials=true") | |||||
.setData(jsonGET) | |||||
.setDataType("json") | |||||
.setWithCredentials(true); | |||||
performAjaxJsonTest_CORS(s) | |||||
.done(new Function() { | |||||
public void f() { | |||||
Response r = arguments(3); | |||||
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Origin")); | |||||
Assert.assertNotNull(r.getHeader("Access-Control-Allow-Credentials")); | |||||
} | |||||
}); | |||||
} | |||||
@DoNotRunWith(Platform.HtmlUnitBug) | |||||
public void testAjaxJsonGet_CORS_WithCredentials_Unsupported() { | |||||
Settings s = Ajax.createSettings() | |||||
.setType("get") | |||||
// Disable credentials in servlet | |||||
.setUrl(echoUrlCORS) | |||||
.setData(jsonGET) | |||||
.setDataType("json") | |||||
.setWithCredentials(true); | |||||
Ajax.ajax(s) | |||||
.fail(finishFunction) | |||||
.done(failFunction); | |||||
} | } | ||||
public void testAjaxGetJsonP() { | public void testAjaxGetJsonP() { |
String origin = req.getHeader("Origin"); | String origin = req.getHeader("Origin"); | ||||
if ("true".equals(req.getParameter("cors")) && origin != null) { | if ("true".equals(req.getParameter("cors")) && origin != null) { | ||||
resp.addHeader("Access-Control-Allow-Origin", origin); | resp.addHeader("Access-Control-Allow-Origin", origin); | ||||
resp.addHeader("Access-Control-Allow-Credentials", "true"); | |||||
if ("true".equals(req.getParameter("credentials"))) { | |||||
resp.addHeader("Access-Control-Allow-Credentials", "true"); | |||||
} | |||||
String method = req.getHeader("Access-Control-Request-Method"); | String method = req.getHeader("Access-Control-Request-Method"); | ||||
if (method != null) { | if (method != null) { | ||||
resp.addHeader("Access-Control-Allow-Methods", method); | resp.addHeader("Access-Control-Allow-Methods", method); |