[aerogear-dev] CORS: Help needed

Matthias Wessendorf matzew at apache.org
Wed Jun 19 07:04:38 EDT 2013


Posted to RestEasy list as well:


http://permalink.gmane.org/gmane.comp.java.resteasy.user/564


-M


On Wed, Jun 19, 2013 at 12:51 PM, Matthias Wessendorf <matzew at apache.org> wrote:

>
>
>
> On Wed, Jun 19, 2013 at 12:47 PM, Daniel Bevenius <
> daniel.bevenius at gmail.com> wrote:
>
>> When you tried that, did you specify the "Access-Control-Allow-Origin" to
>> be that of the "Origin" of the request
>>
>
> both versions, as said.
>
>
> https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb#L0R64
>
> that is commented out, and does not work as well
>
>
>
>> , or did you use the '*' wildcard?
>> I think it would fail unless you specify "*" (
>> http://www.w3.org/TR/cors/#access-control-allow-credentials-response-header
>> )
>>
>
> not sure what you are asking, but I tried both (separated)
>
> "*"
> and/or
> "request.getHeader("Origin")", which is the one from the incoming request
>
>
> see
>
>
>
>>
>>
>>
>> On 19 June 2013 12:32, Matthias Wessendorf <matzew at apache.org> wrote:
>>
>>>
>>>
>>>
>>> On Wed, Jun 19, 2013 at 12:29 PM, Daniel Bevenius <
>>> daniel.bevenius at gmail.com> wrote:
>>>
>>>> I noticed that you are not setting "Access-Control-Allow-Credentials".
>>>> I'm not sure whether the underlying JS is setting .withCredentials on the
>>>> XMLHttpRequest object, but if it is then this request would fail.
>>>>
>>>
>>>
>>> tried with and without -> no difference
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 19 June 2013 12:03, Matthias Wessendorf <matzew at apache.org> wrote:
>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 19, 2013 at 11:59 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
>>>>>
>>>>>> Have you tried Resteasy mailing list?
>>>>>>
>>>>>
>>>>> that's next :-)
>>>>>
>>>>> I guess I wanted a second pair of eyes here :)
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> Matthias Wessendorf wrote:
>>>>>> > Hi,
>>>>>> >
>>>>>> > trying to add CORS, to the Server (using RestEasy), I did this:
>>>>>> >
>>>>>> https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
>>>>>> >
>>>>>> > (and some more variations.... (e.g. see the comment out
>>>>>> > "Access-Control-Allow-Origin", where I am returning the EXACT
>>>>>> Origin))
>>>>>> >
>>>>>> >
>>>>>> > Here is a JavaScript sample:
>>>>>> > http://jsfiddle.net/JY6n4/
>>>>>> >
>>>>>> >
>>>>>> > Just click on the "Register a device" button, and see the errors in
>>>>>> the
>>>>>> > console....
>>>>>> >
>>>>>> > So, I am always (with the above jsFiddle) getting:
>>>>>> > Origin http://fiddle.jshell.net is not
>>>>>> > allowed by Access-Control-Allow-Origin.
>>>>>> >
>>>>>> > regardless if I use "*" or "http://fiddle.jshell.net" (explicit
>>>>>> Origin),
>>>>>> > on the "Access-Control-Allow-Origin".     I always thought that "*"
>>>>>> is a
>>>>>> > wildcard.... allowing everybody and their mother to access the
>>>>>> server.
>>>>>> >
>>>>>> > BTW.
>>>>>> > This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am
>>>>>> > really overasked, but ... is it possible that the response is
>>>>>> correct
>>>>>> > (at least the setup / my src), but that RestEasy has any problems
>>>>>> with
>>>>>> > that stuff ??
>>>>>> >
>>>>>> >
>>>>>> > A few more eyes are highly appreciated on this "issue".
>>>>>> >
>>>>>> > thanks!!
>>>>>> > Matthias
>>>>>> >
>>>>>> >
>>>>>> > --
>>>>>> > Matthias Wessendorf
>>>>>> >
>>>>>> > blog: http://matthiaswessendorf.wordpress.com/
>>>>>> > sessions: http://www.slideshare.net/mwessendorf
>>>>>> > twitter: http://twitter.com/mwessendorf
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > aerogear-dev mailing list
>>>>>> > aerogear-dev at lists.jboss.org
>>>>>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>
>>>>>> --
>>>>>> abstractj
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
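
Added example (not part of the original thread or the project's code): the response check a browser applies under the CORS specification linked in the thread, next to an allowlist-based way to build the headers instead of echoing whatever `Origin` arrives. The function names, the allowlist and the second sample origin are assumptions made for illustration.

```javascript
// Added example; all function names here are hypothetical.

// Browser side: may a script running on `origin` read this response?
function corsCheck(origin, withCredentials, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  if (!withCredentials) {
    // Without credentials, "*" or an exact (byte-for-byte) match passes.
    if (allowOrigin === '*' || allowOrigin === origin) return { allowed: true, reason: 'ok' };
    return { allowed: false, reason: 'origin mismatch' };
  }
  // With credentials: "*" is rejected, the exact origin is required, and
  // Access-Control-Allow-Credentials must be the literal string "true".
  if (allowOrigin === '*') return { allowed: false, reason: 'wildcard with credentials' };
  if (allowOrigin !== origin) return { allowed: false, reason: 'origin mismatch' };
  if (h['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'missing Access-Control-Allow-Credentials: true' };
  }
  return { allowed: true, reason: 'ok' };
}

// Server side: answer only for origins on an explicit allowlist, so that
// credentialed access is never granted to an arbitrary echoed Origin.
function corsHeadersFor(origin, allowlist, allowCredentials) {
  if (!origin || !allowlist.includes(origin)) return {};
  const out = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  if (allowCredentials) out['Access-Control-Allow-Credentials'] = 'true';
  return out;
}

// Constructed sample values (the first origin is the one quoted in the thread).
const ORIGIN = 'http://fiddle.jshell.net';
const ALLOWLIST = [ORIGIN];

function demo() {
  return [
    corsCheck(ORIGIN, false, { 'Access-Control-Allow-Origin': '*' }),
    corsCheck(ORIGIN, true, { 'Access-Control-Allow-Origin': '*',
                              'Access-Control-Allow-Credentials': 'true' }),
    corsCheck(ORIGIN, true, corsHeadersFor(ORIGIN, ALLOWLIST, true)),
    corsCheck('http://other.example', true,
              corsHeadersFor('http://other.example', ALLOWLIST, true)),
  ].map((result) => result.reason);
}

console.log(demo());
```

The check covers only the response to the actual request; a request that triggers a preflight must also receive a passing answer to its `OPTIONS` request, which this block does not model.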