<div dir="ltr">Posted to RestEasy list as wel:<div><br></div><div><br></div><div><a href="http://permalink.gmane.org/gmane.comp.java.resteasy.user/564">http://permalink.gmane.org/gmane.comp.java.resteasy.user/564</a><br></div>
<div><br></div><div><br></div><div style>-M</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 19, 2013 at 12:51 PM, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote"><div class="im">On Wed, Jun 19, 2013 at 12:47 PM, Daniel Bevenius <span dir="ltr"><<a href="mailto:daniel.bevenius@gmail.com" target="_blank">daniel.bevenius@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">When you tried that, did you specify the "Access-Control-Allow-Origin" to be that of the "Origin" of the request</div>
</blockquote><div><br></div></div><div>both versions, as said.</div><div><br></div><div><a href="https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb#L0R64" target="_blank">https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb#L0R64</a><br>
</div><div><br></div><div>that is commented out, and does not work as well</div><div class="im"><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">, or did you use the '*' wildcard? <div>It think it would fail unless you specify "*" (<a href="http://www.w3.org/TR/cors/#access-control-allow-credentials-response-header" target="_blank">http://www.w3.org/TR/cors/#access-control-allow-credentials-response-header</a>)</div>
</div></blockquote><div><br></div></div><div>not sure what you are asking, but I tried both (separated)</div><div><br></div><div>"*"</div><div>and/or</div><div>"request.getHeader("Origin")", which is the one from the incoming request</div>
<div> </div><div><br></div><div>see </div><div><div class="h5"><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><div>
<br></div></div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On 19 June 2013 12:32, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">
<div>On Wed, Jun 19, 2013 at 12:29 PM, Daniel Bevenius <span dir="ltr"><<a href="mailto:daniel.bevenius@gmail.com" target="_blank">daniel.bevenius@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">I noticed that you are not setting "Access-Control-Allow-Credentials". I'm not sure what the underlying JS is setting .withCredentials on the XMLHttpRequest object, but if it is then this request would fail.</div>
</blockquote><div><br></div><div><br></div></div><div>tried with and without -> no difference </div><div><div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">
<div>
<br></div><div><br></div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On 19 June 2013 12:03, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">
<div>On Wed, Jun 19, 2013 at 11:59 AM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Have you tried Resteasy mailing list?<br></blockquote><div>
<br></div></div><div>that's next :-) </div><div><br>
</div><div>I guess I wanted a second pair of eyes here :) </div><div><div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><br>
Matthias Wessendorf wrote:<br>
> Hi,<br>
><br>
> trying to add CORS, to the Server (using RestEasy), I did this:<br>
> <a href="https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb" target="_blank">https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb</a><br>
><br>
> (and some more variations.... (e.g. see the comment out<br>
> "Access-Control-Allow-Origin", where I am returing the EXACT Origin))<br>
><br>
><br>
> Here is a JavaScript sample:<br>
> <a href="http://jsfiddle.net/JY6n4/" target="_blank">http://jsfiddle.net/JY6n4/</a><br>
><br>
><br>
> Just click on the "Register a device" button, and see the errors in the<br>
> console....<br>
><br>
> So, I am always (with the above jsFiddle) getting:<br>
</div>> Origin <a href="http://fiddle.jshell.net" target="_blank">http://fiddle.jshell.net</a> <<a href="http://fiddle.jshell.net/" target="_blank">http://fiddle.jshell.net/</a>> is not<br>
<div>> allowed by Access-Control-Allow-Origin.<br>
><br>
> regardless if I use "*" or "<a href="http://fiddle.jshell.net" target="_blank">http://fiddle.jshell.net</a>" (explicit Origin),<br>
> on the "Access-Control-Allow-Origin". I always thought that "*" is a<br>
> wildcard.... allowing everybody and their mother to access the server.<br>
><br>
> BTW.<br>
> This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am<br>
> really overasked, but ... is it possible that the response is correct<br>
> (at least the setup / my src), but that RestEasy has any problems with<br>
> that stuff ??<br>
><br>
><br>
> A few more eyes are highly appreciated on this "issue".<br>
><br>
> thanks!!<br>
> Matthias<br>
><br>
><br>
> --<br>
> Matthias Wessendorf<br>
><br>
> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
><br>
</div>> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<span><font color="#888888"><br>
--<br>
abstractj<br>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</font></span></blockquote></div></div></div><div><div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div></div></div>
<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div></div></div><div><div><br><br clear="all"><div><br>
</div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div></div></div>
<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div></div></div><div><div class="h5"><br><br clear="all"><div><br>
</div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>