[aerogear-dev] CORS: Help needed

Matthias Wessendorf matzew at apache.org
Wed Jun 19 06:32:26 EDT 2013


On Wed, Jun 19, 2013 at 12:29 PM, Daniel Bevenius <daniel.bevenius at gmail.com
> wrote:

> I noticed that you are not setting "Access-Control-Allow-Credentials". I'm
> not sure what the underlying JS is setting .withCredentials on the
> XMLHttpRequest object, but if it is then this request would fail.
>


tried with and without -> no difference


>
>
>
>
> On 19 June 2013 12:03, Matthias Wessendorf <matzew at apache.org> wrote:
>
>>
>>
>>
>> On Wed, Jun 19, 2013 at 11:59 AM, Bruno Oliveira <bruno at abstractj.org>wrote:
>>
>>> Have you tried Resteasy mailing list?
>>>
>>
>> that's next :-)
>>
>> I guess I wanted a second pair of eyes here :)
>>
>>
>>
>>>
>>> Matthias Wessendorf wrote:
>>> > Hi,
>>> >
>>> > trying to add CORS, to the Server (using RestEasy), I did this:
>>> >
>>> https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
>>> >
>>> > (and some more variations.... (e.g. see the comment out
>>> > "Access-Control-Allow-Origin", where I am returing the EXACT Origin))
>>> >
>>> >
>>> > Here is a JavaScript sample:
>>> > http://jsfiddle.net/JY6n4/
>>> >
>>> >
>>> > Just click on the "Register a device" button, and see the errors in the
>>> > console....
>>> >
>>> > So, I am always (with the above jsFiddle) getting:
>>> > Origin http://fiddle.jshell.net <http://fiddle.jshell.net/> is not
>>> > allowed by Access-Control-Allow-Origin.
>>> >
>>> > regardless if I use "*" or "http://fiddle.jshell.net" (explicit
>>> Origin),
>>> > on the "Access-Control-Allow-Origin".     I always thought that "*" is
>>> a
>>> > wildcard.... allowing everybody and their mother to access the server.
>>> >
>>> > BTW.
>>> > This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am
>>> > really overasked, but ... is it possible that the response is correct
>>> > (at least the setup / my src), but that RestEasy has any problems with
>>> > that stuff ??
>>> >
>>> >
>>> > A few more eyes are highly appreciated on this "issue".
>>> >
>>> > thanks!!
>>> > Matthias
>>> >
>>> >
>>> > --
>>> > Matthias Wessendorf
>>> >
>>> > blog: http://matthiaswessendorf.wordpress.com/
>>> > sessions: http://www.slideshare.net/mwessendorf
>>> > twitter: http://twitter.com/mwessendorf
>>> >
>>> > _______________________________________________
>>> > aerogear-dev mailing list
>>> > aerogear-dev at lists.jboss.org
>>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>> --
>>> abstractj
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130619/8dee6329/attachment.html 


More information about the aerogear-dev mailing list