<div dir="ltr">oh... :) <div><br></div><div>can u make a PR, against that &quot;cors&quot; branch ? </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 19, 2013 at 4:43 PM, Apostolos Emmanouilidis <span dir="ltr">&lt;<a href="mailto:aemmanou@redhat.com" target="_blank">aemmanou@redhat.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>


  
  

<div>
Hi,<br>
<br>
The OPTIONS request method which handles the preflight request is correct but CORS headers should be added at the POST method response headers as well. I&#39;ve performed the below changes and it worked. The changes are marked with bold.<br>

<br>
In addition change the clientIdentifier to alias in the request body.<br>
<br>
<b>private Response makeCORS(ResponseBuilder rb) {</b><br>
<b>    rb.header(&quot;Access-Control-Allow-Origin&quot;, &quot;*&quot;)</b><br>
<b>        .header(&quot;Access-Control-Allow-Methods&quot;, &quot;GET, POST, OPTIONS, PUT, DELETE&quot;)</b><br>
<b>        .header(&quot;Access-Control-Allow-Headers&quot;, &quot;accept, origin, ag-mobile-variant, content-type&quot;);</b><br>
<b>        </b><br>
<b>    return rb.build();</b><br>
<b>}</b><br>
    <br>
@POST<br>
@Consumes(MediaType.APPLICATION_JSON)<br>
public Response registerInstallation(<br>
    MobileVariantInstanceImpl entity,<br>
    @Context HttpServletRequest request) {<br>
<br>
...<br>
<br>
return <b>makeCORS</b>(Response.ok(<b>&quot;[]&quot;</b>));<div class="im"><br>
}<br>
<br>
<br>
On Wed, 2013-06-19 at 11:52 +0200, Matthias Wessendorf wrote:
<blockquote type="CITE">
    Hi,
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    trying to add CORS, to the Server (using RestEasy), I did this:
</blockquote>
<blockquote type="CITE">
    <a href="https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb" target="_blank">https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb</a>
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    (and some more variations.... (e.g. see the comment out &quot;Access-Control-Allow-Origin&quot;, where I am returing the EXACT Origin))
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    Here is a JavaScript sample:
</blockquote>
<blockquote type="CITE">
    <a href="http://jsfiddle.net/JY6n4/" target="_blank">http://jsfiddle.net/JY6n4/</a><br>
    <br>
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    Just click on the &quot;Register a device&quot; button, and see the errors in the console....
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    So, I am always (with the above jsFiddle) getting:
</blockquote>
<blockquote type="CITE">
    Origin <a href="http://fiddle.jshell.net/" target="_blank">http://fiddle.jshell.net</a> is not allowed by Access-Control-Allow-Origin. <br>
    <br>
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    regardless if I use &quot;*&quot; or &quot;<a href="http://fiddle.jshell.net" target="_blank">http://fiddle.jshell.net</a>&quot; (explicit Origin), on the &quot;Access-Control-Allow-Origin&quot;.     I always thought that &quot;*&quot; is a wildcard.... allowing everybody and their mother to access the server. 
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    BTW.
</blockquote>
<blockquote type="CITE">
    This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am really overasked, but ... is it possible that the response is correct (at least the setup / my src), but that RestEasy has any problems with that stuff ??<br>

    <br>
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    A few more eyes are highly appreciated on this &quot;issue&quot;.
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
<blockquote type="CITE">
    thanks!!
</blockquote>
<blockquote type="CITE">
    Matthias
</blockquote>
<blockquote type="CITE">
    <br>
</blockquote>
<blockquote type="CITE">
    <br>
    <br>
</blockquote>
</div><blockquote type="CITE">
<pre>_______________________________________________
aerogear-dev mailing list
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a>
</pre>
</blockquote>
<br>
</div>

<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>