# HG changeset patch
# User Javier Armendáriz <javier.armendariz@openbravo.com>
# Date 1516955159 -3600
#      Fri Jan 26 09:25:59 2018 +0100
# Node ID 787fcef2d6c179360a28435a7c4f7c8f3e9d7d91
# Parent  889d74074bf0a78c9c84147d9fa2937e5c849623
Fixed bug 37627: Web services does not handle CORS properly.

The web service servlet does not handle CORS, so cross-domain requests would fail. This change adds the CORS handler to the base servlet for web services.

diff --git a/src/org/openbravo/service/web/BaseWebServiceServlet.java b/src/org/openbravo/service/web/BaseWebServiceServlet.java
--- a/src/org/openbravo/service/web/BaseWebServiceServlet.java
+++ b/src/org/openbravo/service/web/BaseWebServiceServlet.java
@@ -11,7 +11,7 @@
  * under the License. 
  * The Original Code is Openbravo ERP. 
  * The Initial Developer of the Original Code is Openbravo SLU 
- * All portions are Copyright (C) 2008-2017 Openbravo SLU 
+ * All portions are Copyright (C) 2008-2018 Openbravo SLU 
  * All Rights Reserved. 
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -33,6 +33,7 @@
 import org.openbravo.authentication.AuthenticationManager;
 import org.openbravo.base.exception.OBSecurityException;
 import org.openbravo.base.provider.OBProvider;
+import org.openbravo.base.secureApp.AllowedCrossDomainsHandler;
 import org.openbravo.base.session.OBPropertiesProvider;
 import org.openbravo.dal.core.OBContext;
 import org.openbravo.dal.core.SessionHandler;
@@ -64,6 +65,8 @@
 
     final boolean sessionExists = request.getSession(false) != null;
 
+    AllowedCrossDomainsHandler.getInstance().setCORSHeaders(request, response);
+
     // do the login action
     AuthenticationManager authManager = AuthenticationManager.getAuthenticationManager(this);
 
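Review bot: A CORS preflight (OPTIONS) request carries no credentials, and nothing visible in this hunk stops it from falling through to the login action right after the added `setCORSHeaders` call, so the preflight would presumably take the authentication-failure path and the browser would then block the real request. If neither `AllowedCrossDomainsHandler` nor code outside this hunk already short-circuits preflights, consider returning right after the headers are set, e.g. `if ("OPTIONS".equals(request.getMethod())) { return; }`. The headers are also written before authentication and so appear on rejected (403) responses too, which means the effective exposure rests entirely on the handler's configured origin allowlist; a comment such as `// CORS headers are set for every request, including rejected ones; allowed origins are decided by AllowedCrossDomainsHandler` would make that explicit. The enclosing method starts and ends outside the hunk.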
@@ -89,8 +92,8 @@
     } catch (AuthenticationException e) {
       final boolean sessionCreated = !sessionExists && null != request.getSession(false);
       if (sessionCreated && AuthenticationManager.isStatelessRequest(request)) {
-        log.warn("Stateless request, still a session was created " + request.getRequestURL()
-            + " " + request.getQueryString());
+        log.warn("Stateless request, still a session was created " + request.getRequestURL() + " "
+            + request.getQueryString());
       }
 
       response.setStatus(HttpServletResponse.SC_FORBIDDEN);
