No we never "supported" it - what we had was a HTTP
management interface
potentially vulnerable to cross site scripting attacks. As the console
is served from the same server as the management interface we closed
this down to completely ban cross origin requests.
There is an old Jira somewhere to look into allowing configuration to
relax it but that would be better to review after moving to Undertow.
Regards,
Darran Lofthouse.
On 02/26/2013 09:47 AM, Heiko Braun wrote:
>
>
> At some point we used to have support for ${subject} for accessing the domain
management HTTP interface. Does anybody remember why it has been removed? Looking at the
current domain API handler implementation it seems CORS has been explicitly been
prevented.
>
> Regards, Heiko
>
_______________________________________________
jboss-as7-dev mailing list
jboss-as7-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev