Kurzes Snippet, um CORS in einer remote CFC-Methode zu erlauben:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
<cfscript> // allow CORS requests from these domains only, leave off the subdomain variables.lstInternalDomains = 'foo.de,bar.de'; </cfscript> <cffunction name="setJSONHeaders" access="private" output="yes" returntype="void"> <cfargument name="lstInternalDomains" type="string" required="yes" /> <cfscript> var local = {}; local.pc = getpagecontext().getresponse(); local.pc.getresponse().setcontenttype('application/json; charset=utf-8'); local.headers = getHttpRequestData().headers; local.origin = ''; if (structKeyExists(local.headers,'Origin')) { local.origin = local.headers['Origin']; local.objUrl = createObject('java','java.net.URL').init(javaCast('string',local.origin)); local.strDomain = ReReplace(local.objUrl.getHost(),'^(?:.*\.)?([^.]*\..*)$','\1','ONE'); if (listFindNoCase(arguments.lstInternalDomains,local.strDomain)) { local.pc.setHeader('Access-Control-Allow-Origin',local.origin); local.pc.setHeader('Access-Control-Allow-Methods','GET, POST, HEAD, OPTIONS'); local.pc.setHeader('Access-Control-Allow-Headers','X-Requested-With, Origin, Content-Type, Accept'); } // end if (listFindNoCase(variables.lstInternalDomains,local.strDomain) } // end if (structKeyExists(local.headers,'Origin') return; </cfscript> </cffunction> ... <cffunction name="myMethod" access="remote"> <cfscript> if (structKeyExists(URL,'returnFormat') and (URL.returnFormat eq 'json')) { setJSONHeaders(lstInternalDomains=variables.lstInternalDomains); } ... </cfscript> </cffunction> |
Verwendung z.B. in jQuery
1 2 3 4 5 6 7 8 9 |
$.ajax({ url: 'http://www.remotedomain.de/webservices/MyComponent.cfc?returnFormat=json&method=myMethod', type: 'POST', data: {foo:'bar'}, crossDomain: true, success: function(data){ console.log(data); } }); |