<div dir="ltr">oh... :) <div><br></div><div>can u make a PR, against that "cors" branch ? </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 19, 2013 at 4:43 PM, Apostolos Emmanouilidis <span dir="ltr"><<a href="mailto:aemmanou@redhat.com" target="_blank">aemmanou@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div>
Hi,<br>
<br>
The OPTIONS request method which handles the preflight request is correct but CORS headers should be added at the POST method response headers as well. I've performed the below changes and it worked. The changes are marked with bold.<br>
<br>
In addition change the clientIdentifier to alias in the request body.<br>
<br>
<b>private Response makeCORS(ResponseBuilder rb) {</b><br>
<b> rb.header("Access-Control-Allow-Origin", "*")</b><br>
<b> .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE")</b><br>
<b> .header("Access-Control-Allow-Headers", "accept, origin, ag-mobile-variant, content-type");</b><br>
<b> </b><br>
<b> return rb.build();</b><br>
<b>}</b><br>
<br>
@POST<br>
@Consumes(MediaType.APPLICATION_JSON)<br>
public Response registerInstallation(<br>
MobileVariantInstanceImpl entity,<br>
@Context HttpServletRequest request) {<br>
<br>
...<br>
<br>
return <b>makeCORS</b>(Response.ok(<b>"[]"</b>));<div class="im"><br>
}<br>
<br>
<br>
On Wed, 2013-06-19 at 11:52 +0200, Matthias Wessendorf wrote:
<blockquote type="CITE">
Hi,
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
trying to add CORS, to the Server (using RestEasy), I did this:
</blockquote>
<blockquote type="CITE">
<a href="https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb" target="_blank">https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb</a>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
(and some more variations.... (e.g. see the comment out "Access-Control-Allow-Origin", where I am returing the EXACT Origin))
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
Here is a JavaScript sample:
</blockquote>
<blockquote type="CITE">
<a href="http://jsfiddle.net/JY6n4/" target="_blank">http://jsfiddle.net/JY6n4/</a><br>
<br>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
Just click on the "Register a device" button, and see the errors in the console....
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
So, I am always (with the above jsFiddle) getting:
</blockquote>
<blockquote type="CITE">
Origin <a href="http://fiddle.jshell.net/" target="_blank">http://fiddle.jshell.net</a> is not allowed by Access-Control-Allow-Origin. <br>
<br>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
regardless if I use "*" or "<a href="http://fiddle.jshell.net" target="_blank">http://fiddle.jshell.net</a>" (explicit Origin), on the "Access-Control-Allow-Origin". I always thought that "*" is a wildcard.... allowing everybody and their mother to access the server.
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
BTW.
</blockquote>
<blockquote type="CITE">
This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am really overasked, but ... is it possible that the response is correct (at least the setup / my src), but that RestEasy has any problems with that stuff ??<br>
<br>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
A few more eyes are highly appreciated on this "issue".
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
<blockquote type="CITE">
thanks!!
</blockquote>
<blockquote type="CITE">
Matthias
</blockquote>
<blockquote type="CITE">
<br>
</blockquote>
<blockquote type="CITE">
<br>
<br>
</blockquote>
</div><blockquote type="CITE">
<pre>_______________________________________________
aerogear-dev mailing list
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>