Add basic support for CORS

Closes mapfish#504

core/src/main/java/org/mapfish/print/servlet/BaseMapServlet.java

@@ -4,6 +4,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -121,4 +123,18 @@ protected final StringBuilder getBaseUrl(final HttpServletRequest httpServletReq
         }
         return baseURL;
     }
+
+    /**
+     * Answer to CORS OPTION requests.
+     *
+     * @param theHttpServletResponse The response
+     */
+    @RequestMapping(method = RequestMethod.OPTIONS)
+    public final void commonOptions(final HttpServletResponse theHttpServletResponse) {
+        theHttpServletResponse.addHeader("Access-Control-Allow-Headers",
+                "origin, content-type, accept, x-requested-with");
+        theHttpServletResponse.addHeader("Access-Control-Max-Age", "86400");
+        theHttpServletResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, DELETE");
+        theHttpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
+    }
 }

core/src/main/java/org/mapfish/print/servlet/CorsFilterHandlerInterceptor.java

@@ -0,0 +1,25 @@
+package org.mapfish.print.servlet;
+
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Filter that adds CORS headers to every response.
+ */
+public final class CorsFilterHandlerInterceptor extends HandlerInterceptorAdapter {
+    /**
+     * Called before the reponse is built.
+     *
+     * @param request The request
+     * @param response The response
+     * @param handler The handler
+     */@Override
+    public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler) throws Exception {
+        if (request.getHeader("Origin") != null && !response.containsHeader("Access-Control-Allow-Origin")) {
+            response.setHeader("Access-Control-Allow-Origin", "*");
+        }
+        return true;
+    }
+}

core/src/main/webapp/WEB-INF/mapfish-print-servlet.xml

@@ -2,11 +2,17 @@
 
 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:context="http://www.springframework.org/schema/context"
+    xmlns:mvc="http://www.springframework.org/schema/mvc"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
+        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
     <context:annotation-config/>
 
+    <mvc:interceptors>
+        <bean class="org.mapfish.print.servlet.CorsFilterHandlerInterceptor"/>
+    </mvc:interceptors>
+
     <bean name="CurrentAPI" class="org.mapfish.print.servlet.MapPrinterServlet">
         <property name="maxCreateAndGetWaitTimeInSeconds" value="30" />
     </bean>

core/src/main/webapp/WEB-INF/web.xml

@@ -90,6 +90,10 @@
         <servlet-name>mapfish-print</servlet-name>
         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
+        <init-param>
+            <param-name>dispatchOptionsRequest</param-name>
+            <param-value>true</param-value>
+        </init-param>
     </servlet>
 
     <servlet-mapping>
@@ -102,4 +106,4 @@
         <url-pattern>/sec/print/*</url-pattern>
     </servlet-mapping>
 
-</web-app>
+</web-app>

core/src/test/resources/org/mapfish/print/servlet/mapfish-print-servlet.xml

@@ -1,12 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:mvc="http://www.springframework.org/schema/mvc"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+    <mvc:interceptors>
+        <bean class="org.mapfish.print.servlet.CorsFilterHandlerInterceptor"/>
+    </mvc:interceptors>
+
     <bean id="mapfishPrintServlet" class="org.mapfish.print.servlet.MapPrinterServlet">
         <property name="maxCreateAndGetWaitTimeInSeconds" value="30" />
     </bean>
-    <bean id="oldAPIMapfishPrintServlet" class="org.mapfish.print.servlet.oldapi.OldAPIMapPrinterServlet">
-    </bean>
+    <bean id="oldAPIMapfishPrintServlet" class="org.mapfish.print.servlet.oldapi.OldAPIMapPrinterServlet" />
 
     <bean id="mapPrinterFactory" class="org.mapfish.print.servlet.ServletMapPrinterFactory">
         <property name="configurationFiles">
@@ -17,4 +24,4 @@
     </bean>
 
     <bean id="sleeper" class="org.mapfish.print.servlet.MapPrinterServletTest.SleepProcessor" scope="prototype" />
-</beans>
+</beans>

examples/src/test/java/org/mapfish/print/PrintApiTest.java

@@ -197,13 +197,13 @@ public void testCreateReport_InvalidSpec() throws Exception {
     public void testCreateReport_RequestTooLarge() throws Exception {
         ClientHttpRequest request = getPrintRequest("geoext" + MapPrinterServlet.REPORT_URL + ".pdf", HttpMethod.POST);
         final String printSpec = getPrintSpec("examples/geoext/requestData.json");
-        
+
         // create a large, fake request
         StringBuilder largeRequest = new StringBuilder();
         for (int i = 0; i < 9999; i++) {
             largeRequest.append(printSpec);
         }
-        
+
         setPrintSpec(largeRequest.toString(), request);
         response = request.execute();
         assertNotEquals(HttpStatus.OK, response.getStatusCode());
@@ -472,6 +472,29 @@ public void testSecuredTemplate_CreateMap() throws Exception {
 
     }
 
+    @Test
+    public void testCors() throws Exception {
+        ClientHttpRequest request = getPrintRequest(MapPrinterServlet.LIST_APPS_URL, HttpMethod.GET);
+        response = request.execute();
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertTrue(!response.getHeaders().containsKey("Access-Control-Allow-Origin"));
+
+        request = getPrintRequest(MapPrinterServlet.LIST_APPS_URL, HttpMethod.GET);
+        request.getHeaders().set("Origin", "http://example.com/");
+        response = request.execute();
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
+
+        request = getPrintRequest(MapPrinterServlet.LIST_APPS_URL, HttpMethod.OPTIONS);
+        request.getHeaders().set("Origin", "http://example.com/");
+        response = request.execute();
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
+        assertTrue(response.getHeaders().containsKey("Access-Control-Max-Age"));
+        assertTrue(response.getHeaders().containsKey("Access-Control-Allow-Methods"));
+        assertTrue(response.getHeaders().containsKey("Access-Control-Allow-Headers"));
+    }
+
     private JSONArray execCapabilitiesRequestWithAut(int expectedNumberOfLayouts, String credentials) throws IOException, URISyntaxException, JSONException {
         ClientHttpRequest request = getPrintRequest("secured_templates" + MapPrinterServlet.CAPABILITIES_URL, HttpMethod.GET);
         if (credentials != null) {