[aerogear-dev] CORS: Help needed

Hi, trying to add CORS, to the Server (using RestEasy), I did this: https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb (and some more variations.... (e.g. see the comment out "Access-Control-Allow-Origin", where I am returing the EXACT Origin)) Here is a JavaScript sample: http://jsfiddle.net/JY6n4/ Just click on the "Register a device" button, and see the errors in the console.... So, I am always (with the above jsFiddle) getting: Origin http://fiddle.jshell.net is not allowed by Access-Control-Allow-Origin. regardless if I use "*" or "http://fiddle.jshell.net" (explicit Origin), on the "Access-Control-Allow-Origin". I always thought that "*" is a wildcard.... allowing everybody and their mother to access the server. BTW. This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am really overasked, but ... is it possible that the response is correct (at least the setup / my src), but that RestEasy has any problems with that stuff ?? A few more eyes are highly appreciated on this "issue". thanks!! Matthias -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf