Author: markt
Date: Wed Jun 5 08:21:18 2013
New Revision: 1489738
URL: http://svn.apache.org/r1489738
Log:
Documentation tweaks for CORS filter.
Patch provided by Mohit Soni.
Modified:
tomcat/trunk/webapps/docs/config/filter.xml
Modified: tomcat/trunk/webapps/docs/config/filter.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1489738&r1=1489737&r2=1489738&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/trunk/webapps/docs/config/filter.xml Wed Jun 5 08:21:18 2013
@@ -112,51 +112,51 @@
<p>The minimal configuration required to use this filter is:</p>
<source>
<filter>
- <filter-name>CORSFilter</filter-name>
-
<filter-class>org.apache.catalina.filters.CORSFilter</filter-class>
+ <filter-name>CorsFilter</filter-name>
+
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
- <filter-name>CORSFilter</filter-name>
+ <filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</source>
</subsection>
<subsection name="Filter Class Name">
<p>The filter class name for the CORS Filter is
- <strong><code>org.apache.catalina.filters.CORSFilter</code></strong>.</p>
+ <strong><code>org.apache.catalina.filters.CorsFilter</code></strong>.</p>
</subsection>
<subsection name="Initialisation parameters">
<p>The CORS Filter supports following initialisation parameters:</p>
<attributes>
<attribute name="cors.allowed.origins" required="false">
<p>A list of <a href="http://tools.ietf.org/html/rfc6454";>origins</a>
- that are allowed to access the resource. A <code>'*'</code> can be
+ that are allowed to access the resource. A <code>*</code> can be
specified to enable access to resource from any origin. Otherwise, a
- whitelist of comma separated origins can be provided. Eg:
- http://www.w3.org, https://www.apache.org.
+ whitelist of comma separated origins can be provided. Eg: <code>
+ http://www.w3.org, https://www.apache.org</code>.
<strong>Defaults:</strong> <code>*</code> (Any origin is allowed to
access the resource).</p>
</attribute>
<attribute name="cors.allowed.methods" required="false">
<p>A comma separated list of HTTP methods that can be used to access
the
resource, using cross-origin requests. These are the methods which will
- also be included as part of 'Access-Control-Allow-Methods' header in a
- pre-flight response. Eg: <code>GET,POST</code>.
- <strong>Defaults:</strong> <code>GET,POST,HEAD,OPTIONS</code></p>
+ also be included as part of <code>Access-Control-Allow-Methods</code>
+ header in pre-flight response. Eg: <code>GET, POST</code>.
+ <strong>Defaults:</strong> <code>GET, POST, HEAD, OPTIONS</code></p>
</attribute>
<attribute name="cors.allowed.headers" required="false">
<p>A comma separated list of request headers that can be used when
- making an actual request. These header will also be returned as part of
- <code>'Access-Control-Allow-Headers'</code> header in a pre-flight
+ making an actual request. These headers will also be returned as part
+ of <code>Access-Control-Allow-Headers</code> header in a pre-flight
response. Eg: <code>Origin,Accept</code>. <strong>Defaults:</strong>
<code>Origin, Accept, X-Requested-With, Content-Type,
Access-Control-Request-Method,
Access-Control-Request-Headers</code></p>
</attribute>
<attribute name="cors.exposed.headers" required="false">
- <p>A comma separated list of headers other than the simple response
- headers that browsers are allowed to access. These are the headers
which
- will also be included as part of 'Access-Control-Expose-Headers' header
- in the pre-flight response. Eg:
+ <p>A comma separated list of headers other than simple response headers
+ that browsers are allowed to access. These are the headers which will
+ also be included as part of <code>Access-Control-Expose-Headers</code>
+ header in the pre-flight response. Eg:
<code>X-CUSTOM-HEADER-PING,X-CUSTOM-HEADER-PONG</code>.
<strong>Default:</strong> None. Non-simple headers are not exposed by
default.</p>
@@ -164,15 +164,15 @@
<attribute name="cors.preflight.maxage" required="false">
<p>The amount of seconds, browser is allowed to cache the result of the
pre-flight request. This will be included as part of
- <code>'Access-Control-Max-Age'</code> header in the pre-flight
response.
+ <code>Access-Control-Max-Age</code> header in the pre-flight response.
A negative value will prevent CORS Filter from adding this response
- header from pre-flight response. <strong>Defaults:</strong>
+ header to pre-flight response. <strong>Defaults:</strong>
<code>1800</code></p>
</attribute>
<attribute name="cors.support.credentials" required="false">
<p>A flag that indicates whether the resource supports user
credentials.
This flag is exposed as part of
- <code>'Access-Control-Allow-Credentials'</code> header in a pre-flight
+ <code>Access-Control-Allow-Credentials</code> header in a pre-flight
response. It helps browser determine whether or not an actual request
can be made using credentials. <strong>Defaults:</strong>
<code>true</code></p>
@@ -187,8 +187,8 @@
defaults:</p>
<source>
<filter>
- <filter-name>CORSFilter</filter-name>
-
<filter-class>org.apache.catalina.filters.CORSFilter</filter-class>
+ <filter-name>CorsFilter</filter-name>
+
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
@@ -215,21 +215,21 @@
</init-param>
</filter>
<filter-mapping>
- <filter-name>CORS Filter</filter-name>
+ <filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</source>
</subsection>
<subsection name="CORS Filter and HttpServletRequest attributes">
- <p>CORS Filter adds information about a request, in the HttpServletRequest
+ <p>CORS Filter adds information about the request, in HttpServletRequest
object, for consumption downstream. Following attributes are set, if
<code>cors.request.decorate</code> initialisation parameter is
<code>true</code>:</p>
<ul>
- <li><strong>cors.isCorsRequest:</strong> Flag to determine if a request
is
+ <li><strong>cors.isCorsRequest:</strong> Flag to determine if request is
a CORS request.</li>
<li><strong>cors.request.origin:</strong> The Origin URL, i.e. the URL of
- the page from where the request is originated.</li>
+ the page from where the request originated.</li>
<li><strong>cors.request.type:</strong> Type of CORS request. Possible
values:
<ul>
@@ -244,8 +244,9 @@
</ul>
</li>
<li><strong>cors.request.headers:</strong> Request headers sent as
- 'Access-Control-Request-Headers' header, for a pre-flight request.
- </li>
+ <code>Access-Control-Request-Headers</code> header, for a pre-flight
+ request.
+ </li>
</ul>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
