CORSFilter.java

package io.fathom.cloud.server;

import java.io.IOException;

import javax.inject.Singleton;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Very simple CORS filter
 * 
 */
@Singleton
public class CORSFilter implements Filter {

    // TODO: Should we use this instead?
    // http://software.dzhuvinov.com/cors-filter-installation.html

    private static final String HEADER_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String HEADER_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String HEADER_ALLOW_METHODS = "Access-Control-Allow-Methods";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.addHeader(HEADER_ALLOW_ORIGIN, "*");
        httpResponse.addHeader(HEADER_ALLOW_HEADERS, "Content-Type, X-Auth-Token");
        httpResponse.addHeader(HEADER_ALLOW_METHODS, "GET, POST, HEAD, OPTIONS, PUT");

        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
    }

}