Set Access-Control-Allow-Origin: * on API requests This allows scripts from arbitrary sites to access API endpoints, but only if the requests are unauthenticated. See also: https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS Change-Id: I3b356fad9337ec79e3f69d402f918d14841249a0
diff --git a/gitiles-servlet/src/main/java/com/google/gitiles/BaseServlet.java b/gitiles-servlet/src/main/java/com/google/gitiles/BaseServlet.java
index 1fbee33..e344b70 100644
--- a/gitiles-servlet/src/main/java/com/google/gitiles/BaseServlet.java
+++ b/gitiles-servlet/src/main/java/com/google/gitiles/BaseServlet.java
@@ -276,6 +276,7 @@
 res.setContentType(type.getMimeType());
 res.setCharacterEncoding(Charsets.UTF_8.name());
 res.setHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment");
+ res.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
 setCacheHeaders(req, res);
 }
 }
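Review bot: The wildcard on the added `res.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*")` line is applied unconditionally, and nothing in the code records the assumption that makes it safe. Browsers refuse to expose a `*` response to a credentialed cross-origin request, but that does not cover a host that serves content without authentication based on network position (for example an intranet-only instance), where a script from any site open in a user's browser could then read these responses. I would add a comment such as `// Wildcard CORS: safe only because these responses need no credentials; never pair with Access-Control-Allow-Credentials.` and consider making the header a deployment option that such hosts can turn off. The enclosing method starts outside the hunk, so whether every caller is an API response is inferred from the commit message rather than visible here.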