diff --git a/src/main/java/li/strolch/rest/filters/AccessControlResponseFilter.java b/src/main/java/li/strolch/rest/filters/AccessControlResponseFilter.java index e4c684de7..3f3325668 100644 --- a/src/main/java/li/strolch/rest/filters/AccessControlResponseFilter.java +++ b/src/main/java/li/strolch/rest/filters/AccessControlResponseFilter.java @@ -1,6 +1,7 @@ package li.strolch.rest.filters; import java.io.IOException; +import java.text.MessageFormat; import javax.annotation.Priority; import javax.ws.rs.Priorities; @@ -17,6 +18,11 @@ import org.slf4j.LoggerFactory; @Priority(Priorities.HEADER_DECORATOR) public class AccessControlResponseFilter implements ContainerResponseFilter { + private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; //$NON-NLS-1$ + private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; //$NON-NLS-1$ + private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; //$NON-NLS-1$ + private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin"; //$NON-NLS-1$ + private static final Logger logger = LoggerFactory.getLogger(AccessControlResponseFilter.class); private static boolean corsEnabled; @@ -48,14 +54,17 @@ public class AccessControlResponseFilter implements ContainerResponseFilter { if (!logged) { logged = true; - logger.info("Enabling CORS for origin: " + origin); + logger.info(MessageFormat.format("Enabling CORS for origin: {0}", origin)); //$NON-NLS-1$ } MultivaluedMap headers = responseContext.getHeaders(); - headers.add("Access-Control-Allow-Origin", origin); - headers.add("Access-Control-Allow-Headers", "Authorization, Origin, X-Requested-With, Content-Type"); - headers.add("Access-Control-Expose-Headers", "Location, Content-Disposition"); - headers.add("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, HEAD, OPTIONS"); + // allow for the configured origin + headers.add(ACCESS_CONTROL_ALLOW_ORIGIN, origin); + + // and set the allowed HTTP headers and methods + headers.add(ACCESS_CONTROL_ALLOW_HEADERS, "Authorization, Origin, X-Requested-With, Content-Type"); //$NON-NLS-1$ + headers.add(ACCESS_CONTROL_EXPOSE_HEADERS, "Location, Content-Disposition"); //$NON-NLS-1$ + headers.add(ACCESS_CONTROL_ALLOW_METHODS, "POST, PUT, GET, DELETE, HEAD, OPTIONS"); //$NON-NLS-1$ } } \ No newline at end of file diff --git a/src/main/java/li/strolch/rest/filters/CharsetResponseFilter.java b/src/main/java/li/strolch/rest/filters/CharsetResponseFilter.java new file mode 100644 index 000000000..f190319d2 --- /dev/null +++ b/src/main/java/li/strolch/rest/filters/CharsetResponseFilter.java @@ -0,0 +1,36 @@ +package li.strolch.rest.filters; + +import java.io.IOException; + +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerResponseContext; +import javax.ws.rs.container.ContainerResponseFilter; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.ext.Provider; + +/** + * The JSON generated is not in the same charset as the rest of the response, thus we override it to UTF-8 with this + * response filter + * + * @author Robert von Burg + */ +@Provider +public class CharsetResponseFilter implements ContainerResponseFilter { + + private static final String UTF_8 = "utf-8"; //$NON-NLS-1$ + + @Override + public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) + throws IOException { + + MediaType contentType = responseContext.getMediaType(); + if (contentType != null) { + String charset = contentType.getParameters().get(MediaType.CHARSET_PARAMETER); + if (charset == null || !charset.equalsIgnoreCase(UTF_8)) { + contentType = contentType.withCharset(UTF_8); + responseContext.getHeaders().putSingle(HttpHeaders.CONTENT_TYPE, contentType.toString()); + } + } + } +} \ No newline at end of file