/**
 * Reports whether the request should be treated as cross-origin.
 *
 * <p>The result is {@code true} when the request's {@code Origin} header is not an exact string
 * match for the absolute link the externalizer builds for this request with an empty path. A
 * request that carries no {@code Origin} header therefore also yields {@code true}. When no
 * externalizer is available the method always answers {@code false}.
 *
 * <p>The {@code Origin} header is supplied by the client, so this value is only suitable for
 * choosing a response shape (for example relative vs. absolute links), not for access decisions.
 *
 * @param request The sling request
 * @return {@code true} if the {@code Origin} header differs from the local origin, {@code false}
 *     if they match or no externalizer is set.
 */
protected Boolean isCORS(final SlingHttpServletRequest request) {
  if (externalizer == null) {
    return false;
  }
  // NOTE(review): the exact format returned for an empty path (trailing slash, context path,
  // default port) is not visible here; the comparison below is byte-for-byte.
  final String ownOrigin = externalizer.absoluteLink(request, request.getScheme(), "");
  final String claimedOrigin = request.getHeader("Origin");
  return !ownOrigin.equals(claimedOrigin);
}
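/**
 * Adds CORS response headers when the request's {@code Origin} header differs from the local
 * origin computed by the externalizer.
 *
 * <p>Nothing is written when no externalizer is available, when the request has no {@code Origin}
 * header (it is not a CORS request, and a {@code null} header value must not be passed on), or
 * when the header equals the local origin.
 *
 * <p>NOTE(review): the client-supplied {@code Origin} is echoed into
 * {@code Access-Control-Allow-Origin} together with {@code Access-Control-Allow-Credentials: true},
 * and no allowlist is consulted in this method. Unless callers restrict origins before invoking
 * it, any site can read credentialed responses from this endpoint. Gate this on a configured set
 * of trusted origins (and decide explicitly how the literal origin {@code "null"} is handled)
 * before relying on it in production.
 *
 * @param request The sling request
 * @param response The sling response
 */
protected void allowCORS(
    final SlingHttpServletRequest request, final SlingHttpServletResponse response) {
  if (null == externalizer) {
    return;
  }
  final String requestOrigin = request.getHeader("Origin");
  if (null == requestOrigin) {
    // No Origin header: not a cross-origin request, and there is no value to echo back.
    return;
  }
  final String localOrigin = externalizer.absoluteLink(request, request.getScheme(), "");
  if (localOrigin.equals(requestOrigin)) {
    return;
  }
  // The headers below depend on the request's Origin, so shared caches must key on it;
  // otherwise a response carrying one origin's grant could be served to another.
  response.addHeader("Vary", "Origin");
  response.setHeader("Access-Control-Allow-Credentials", "true");
  response.setHeader("Access-Control-Allow-Origin", requestOrigin);
  // NOTE(review): with credentials enabled, browsers treat "*" in Allow-Headers as a literal
  // header name rather than a wildcard, so it likely has no effect here. Value kept unchanged.
  response.setHeader("Access-Control-Allow-Headers", "CONTENT-TYPE, LOCATION, *");
  response.setHeader("Access-Control-Expose-Headers", "Content-Type, Location");
}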
/**
 * Renders the UGC response for an {@code .html} request by including the resource through a
 * request-selected template, then marks the response as {@code 201 Created} with a
 * {@code Location} header.
 *
 * <p>Output is produced only when the request extension is {@code html} (case-insensitive) and
 * the {@code TEMPLATE_FORM_ID} request parameter is present. For an {@code html} request without
 * that parameter, the content type and character encoding are still set but nothing is rendered.
 *
 * <p>The {@code Location} value is {@code location} when non-null, otherwise the resource path.
 * It is sent as-is when {@code isCORS} reports {@code false} and converted to an absolute link
 * through the externalizer otherwise.
 *
 * <p>NOTE(review): the template selector comes straight from a request parameter and replaces
 * the selectors of the include; confirm that the scripts reachable this way are limited to the
 * intended templates.
 *
 * @param request the current request
 * @param response the response to write to
 * @param resource the resource to serialize
 * @param location a different location to send to the client, or {@code null} to use the
 *     resource path.
 * @return {@code true} if the template was included and the status and {@code Location} header
 *     were set, {@code false} otherwise
 * @throws IOException IO Error
 * @throws ServletException Servlet Error
 */
protected boolean writeUGCResponse(
    final SlingHttpServletRequest request,
    final SlingHttpServletResponse response,
    final Resource resource,
    final String location)
    throws ServletException, IOException {
  final String extension = request.getRequestPathInfo().getExtension();
  if (!StringUtils.equalsIgnoreCase(extension, "html")) {
    return false;
  }

  response.setHeader(HttpHeaders.CONTENT_TYPE, "text/html");
  response.setCharacterEncoding("utf-8");

  final SlingHttpServletRequest wrappedRequest = new TemplateHandlingRequest(request);
  final String templateSelector = request.getParameter(TEMPLATE_FORM_ID);
  final RequestDispatcherOptions dispatchOptions = new RequestDispatcherOptions();
  if (templateSelector == null) {
    return false;
  }

  dispatchOptions.setReplaceSelectors(templateSelector);
  // Re-resolve the resource by path through the request's resolver before including it.
  // NOTE(review): a null result here is not handled - confirm the path always resolves.
  final Resource freshResource = request.getResourceResolver().getResource(resource.getPath());
  wrappedRequest.getRequestDispatcher(freshResource, dispatchOptions).include(wrappedRequest, response);

  // NOTE(review): status and Location are set after the include; if the include has already
  // committed the response they may not take effect - confirm.
  response.setStatus(HttpServletResponse.SC_CREATED);

  final String locationURL;
  if (location != null) {
    locationURL = location;
  } else {
    locationURL = resource.getPath();
  }

  if (isCORS(request)) {
    // Cross-origin callers get an absolute link built from the request's own scheme.
    response.setHeader(
        HttpHeaders.LOCATION,
        externalizer.absoluteLink(request, request.getScheme(), locationURL));
  } else {
    response.setHeader(HttpHeaders.LOCATION, locationURL);
  }
  return true;
}