NAME
Plack::Middleware::AllowCrossSiteAJAX - Set the CORS Access-Control-Allow-Origin header family
SYNOPSIS
    # in app.psgi
    use Plack::Builder;

    builder {
        enable "AllowCrossSiteAJAX";
        $app;
    };
DESCRIPTION
Plack::Middleware::AllowCrossSiteAJAX lets a client browser send XMLHttpRequest requests to your server from pages that were served by a different site.
It does this by following the Cross-Origin Resource Sharing (CORS) standard, as published at http://www.w3.org/TR/access-control/
CONFIGURATIONS
- origin
A string that specifies the allowed origin web site. Defaults to '*' which means any origin is allowed.
- credentials
A boolean that specifies whether credentials should be forwarded to this page. Defaults to 1. If you want to forward credentials, you should also add the following JavaScript to your page:
    // From: http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
    function createCORSRequest(method, url) {
        var xhr = new XMLHttpRequest();
        if ("withCredentials" in xhr) {
            // XMLHttpRequest with CORS support
            xhr.open(method, url, true);
        } else if (typeof XDomainRequest != "undefined") {
            // Older Internet Explorer
            xhr = new XDomainRequest();
            xhr.open(method, url);
        } else {
            // CORS is not supported by this browser
            xhr = null;
        }
        return xhr;
    }
And then call 'var xhr = createCORSRequest(method, url); xhr.withCredentials = true;' when you want to have an XMLHttpRequest that forwards credentials.
- custom_headers
An arrayref of any custom headers that are allowed to be submitted to the page. Default is [].
- default_headers
An arrayref of standard headers that are allowed to be submitted to the page. Default taken from http://www.webdavsystem.com/ajax/programming/cross_origin_requests
- methods
An arrayref that specifies the HTTP methods allowed by this page. Defaults to all standard HTTP and WebDAV methods (['GET', 'POST', ...]).
- timeout
An integer that specifies the number of seconds before the client should refresh this information. Defaults to 30.
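The defaults above are permissive: any origin, credentials on, and every standard method. The script below is an added example, not part of the module's own documentation; it restricts the configuration using only the options listed above and prints the Access-Control-* headers the middleware actually returns so they can be reviewed. The origin https://app.example.com, the X-Requested-With header and the inner app are constructed placeholders.

```perl
#!/usr/bin/env perl
# Added example: audit the CORS headers emitted for a given configuration.
use strict;
use warnings;
use Plack::Builder;
use Plack::Test;
use HTTP::Request;

# Placeholder origin (assumption); use the site that is allowed to call this API.
my $trusted = 'https://app.example.com';

# Trivial PSGI app standing in for the real application.
my $inner = sub { [ 200, [ 'Content-Type' => 'text/plain' ], ['ok'] ] };

# Only documented options are used. The defaults ('*' origin, credentials
# on, all methods) are replaced with an explicit allow-list.
my $app = builder {
    enable "AllowCrossSiteAJAX",
        origin         => $trusted,
        credentials    => 1,
        methods        => [ 'GET', 'POST' ],
        custom_headers => ['X-Requested-With'],    # constructed sample value
        timeout        => 30;
    $inner;
};

test_psgi $app, sub {
    my $cb = shift;
    for my $method (qw(OPTIONS GET)) {
        my $req = HTTP::Request->new( $method => 'http://localhost/' );
        $req->header( Origin => $trusted );
        $req->header( 'Access-Control-Request-Method' => 'POST' )
            if $method eq 'OPTIONS';
        my $res = $cb->($req);

        print "$method -> ", $res->code, "\n";
        my %cors;
        for my $name ( grep { /^Access-Control-/i } $res->headers->header_field_names ) {
            my $value = $res->header($name);
            $cors{ lc $name } = $value;
            print "  $name: $value\n";
        }
        # Browsers refuse a credentialed response whose allowed origin is '*'.
        my $origin = $cors{'access-control-allow-origin'}      // '';
        my $creds  = $cors{'access-control-allow-credentials'} // '';
        print "  WARNING: wildcard origin combined with credentials\n"
            if $origin eq '*' && lc($creds) eq 'true';
    }
};
```

Removing the `origin` line and rerunning shows what the default configuration sends, which is the case the warning is meant to catch.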
AUTHOR
Leo Lapworth
Michael FIG (Original author)