[Bug 55046] New: CORS Filter

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55046

Bug ID: 55046
   Summary: CORS Filter
   Product: Tomcat 8
   Version: trunk
  Hardware: All
OS: All
Status: NEW
  Severity: enhancement
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: mohitsoni1...@gmail.com

Created attachment 30363
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=30363&action=edit
A patch file containing CORS filter source code, units tests, and changes to
tomcat documentation's filter.xml.

CORS Filter implementation

This is an enhancement request to include CORS Filter as one of Tomcat's
container provided filters.

CORS (Cross Origin Resource Sharing) is a W3C specification
(http://www.w3.org/TR/cors/) that defines a mechanism to enable cross origin
requests. This is a Java Servlet Filter implementation of server-side CORS.

Here are few reasons that makes this implementation is a good fit:
* Implements all required sections of the spec for servers. Handles
simple/actual and pre-flight requests as per the specification.
* Written specifically to fit well with Tomcat's source, and is formatted the
same as Tomcat's source.
* Filter implementation is just one class and is well Javadoc'd
* Includes ample unit tests to validate the implementation against the spec
* Simple to configure minimally and use
* Easy to override default configuration, if required
* Protects against CRLF injection / response splitting attacks.

We(eBay) would like to contribute this implementation to Apache Software
Foundation, to be included in Tomcat 8. And, I would also like to maintain and
develop it, going forward. 

It's true that as a Servlet Filter, any webapp developer may add it to their
app whether Tomcat includes it or not, but we believe that this is fundamental
server behavior that should be present and easy to enable in the server, as it
is in some other servers.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55046] CORS Filter

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55046

Mohit Soni  changed:

   What|Removed |Added

  Attachment #30363|0   |1
   is patch||

--- Comment #2 from Mohit Soni  ---
Comment on attachment 30363
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=30363
A patch file containing CORS filter source code, units tests, and changes to
tomcat documentation's filter.xml.

Marked attachment as a patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55046] CORS Filter

[bugzilla]

https://issues.apache.org/bugzilla/show_bug.cgi?id=55046

Mohit Soni  changed:

   What|Removed |Added

 CC||mohitsoni1...@gmail.com

--- Comment #1 from Mohit Soni  ---
Created attachment 30364
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=30364&action=edit
CORS Filter's request processing flowchart.

Please include this flowchart image into webapps/docs/images/ folder. I have
linked this from CORS documentation section in filter.xml.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: CORS Filter

[mohit soni]

I have created an enhancement request in Tomcat 8, Bugzilla. Here's the
link: https://issues.apache.org/bugzilla/show_bug.cgi?id=55046

Mohit


On Fri, May 31, 2013 at 3:09 AM, Mark Thomas  wrote:

> On 30/05/2013 22:06, Jason Brittain wrote:
>
> > Thoughts?
>
> Create an enhancement request in Bugzilla.
>
> I note that there was a request for this a few months ago on the users
> list.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>