On Wed, Jun 19, 2013 at 12:47 PM, Daniel Bevenius <daniel.bevenius@gmail.com> wrote:
When you tried that, did you specify the "Access-Control-Allow-Origin" to be that of the "Origin" of the requestboth versions, as said.that is commented out, and does not work as well, or did you use the '*' wildcard?It think it would fail unless you specify "*" (http://www.w3.org/TR/cors/#access-control-allow-credentials-response-header)not sure what you are asking, but I tried both (separated)"*"and/or"request.getHeader("Origin")", which is the one from the incoming requestseeOn 19 June 2013 12:32, Matthias Wessendorf <matzew@apache.org> wrote:
On Wed, Jun 19, 2013 at 12:29 PM, Daniel Bevenius <daniel.bevenius@gmail.com> wrote:
I noticed that you are not setting "Access-Control-Allow-Credentials". I'm not sure what the underlying JS is setting .withCredentials on the XMLHttpRequest object, but if it is then this request would fail.tried with and without -> no differenceOn 19 June 2013 12:03, Matthias Wessendorf <matzew@apache.org> wrote:
On Wed, Jun 19, 2013 at 11:59 AM, Bruno Oliveira <bruno@abstractj.org> wrote:
Have you tried Resteasy mailing list?that's next :-)
I guess I wanted a second pair of eyes here :)> Origin http://fiddle.jshell.net <http://fiddle.jshell.net/> is not
Matthias Wessendorf wrote:
> Hi,
>
> trying to add CORS, to the Server (using RestEasy), I did this:
> https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
>
> (and some more variations.... (e.g. see the comment out
> "Access-Control-Allow-Origin", where I am returing the EXACT Origin))
>
>
> Here is a JavaScript sample:
> http://jsfiddle.net/JY6n4/
>
>
> Just click on the "Register a device" button, and see the errors in the
> console....
>
> So, I am always (with the above jsFiddle) getting:
> allowed by Access-Control-Allow-Origin.> _______________________________________________
>
> regardless if I use "*" or "http://fiddle.jshell.net" (explicit Origin),
> on the "Access-Control-Allow-Origin". I always thought that "*" is a
> wildcard.... allowing everybody and their mother to access the server.
>
> BTW.
> This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am
> really overasked, but ... is it possible that the response is correct
> (at least the setup / my src), but that RestEasy has any problems with
> that stuff ??
>
>
> A few more eyes are highly appreciated on this "issue".
>
> thanks!!
> Matthias
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> aerogear-dev mailing list
> aerogear-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf