SuperPlan(14)Winner Seller Server - JSON Cross Domain-优快云博客

本文详细介绍了如何在服务器端实现跨域访问支持，并通过配置文件指定允许的域名白名单。同时，介绍了客户端如何通过JSONP发送带凭证的请求。文中还提供了具体的Scalacode示例及配置项。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

SuperPlan(14)Winner Seller Server - JSON Cross Domain

16. JSON cross domain
I will rock and roll in JSON REST and JSON client now. JSONP is not what I want.

It is complex than I thought. Actually, I make the JSON basic auth working with JSONP basic auth. JSONP is for the navigate bars, JSON is working for the products right now.

16.1 Server Side
I need to extend the HttpHeader to enable the cross domain access. The documents in spray are not in detail, it take time to understand and read the source scala codes in spray.
package object CrossDomainHeaders {
case class Origin(origin: String) extends HttpHeader {
def name = "Origin"
def lowercaseName = "origin"
def value = origin
}

case class `Access-Control-Allow-Origin`(origin: String) extends HttpHeader {
def name = "Access-Control-Allow-Origin"
def lowercaseName = "access-control-allow-origin"
def value = origin
}

case class `Access-Control-Allow-Headers`(origin: String) extends HttpHeader {
def name = "Access-Control-Allow-Headers"
def lowercaseName = "access-control-allow-headers"
def value = origin
}

case class `Access-Control-Allow-Methods`(origin: String) extends HttpHeader {
def name = "Access-Control-Allow-Methods"
def lowercaseName = "access-control-allow-methods"
def value = origin
}

case class `Access-Control-Allow-Credentials`(allowed: Boolean) extends HttpHeader {
def name = "Access-Control-Allow-Credentials"
def lowercaseName = "access-control-allow-credentials"
def value = if(allowed) "true" else "false"
}
}

In my router, I need to consider to get the request header, find out the origin URL and match my white list of the domain names.
…snip...
implicit val productFormatter = ProductJsonProtocol.ProductJsonFormat
headerValueByName("Origin") { originHeader =>
respondWithHeaders(`Access-Control-Allow-Origin`(originHeader),`Access-Control-Allow-Credentials`(true)) {
authenticate(BasicAuth(new BrandUserPassAuthenticator(dao), "Realm")) { user =>
…snip…

Right now, it will access all the domain names, because it just say originHeader, I will rewrite it to match a white list.

Here is the way to read the white list in configuration file.
server {
address = "0.0.0.0"
port = 9001
crossdomain.eanble = true
crossdomain.list = [ "http://localhost:9000", "http://localhost:9001" ]
}

val lists = config.getStringList("server.crossdomain.list")

16.2 Client Side
There is nothing special on the client, because we send the credential to server via jsonp.
//json
if(config.productsProvider == 'json'){
options.dataType = "json";
options.crossDomain = true;
options.xhrFields = { withCredentials: true };

//options.beforeSend = function (xhr) {
// xhr.setRequestHeader('Authorization', 'Basic Y3VzdG9tZXI6Y3VzdG9tZXI=');
//};

var url_str = 'http://' + config.remoteServerURL + ':' + config.remoteServerPort
url_str = url_str + '/' + config.apiVersion + '/' + config.brandName + '/' + 'products';
options.url = url_str;
}

17. Jasmine
come sonn...

18. Integration(Backbone + Require + Jasmine + Phantom + Grunt + Bootstrap)
come soon…

References:
superPlan 13
http://sillycat.iteye.com/blog/1885313

integration
http://hdnrnzk.me/2013/01/10/backbone-requirejs-jasmine-phantomjs-and-grunt/
https://github.com/ghiden/backbone-requirejs-jasmine-phantomjs-grunt-setup

superplan(11) phantom
http://sillycat.iteye.com/blog/1874971