[aerogear-dev] CORS: Help needed
Daniel Bevenius
daniel.bevenius at gmail.com
Wed Jun 19 06:47:31 EDT 2013
When you tried that, did you specify the "Access-Control-Allow-Origin" to
be that of the "Origin" of the request, or did you use the '*' wildcard?
It think it would fail unless you specify "*" (
http://www.w3.org/TR/cors/#access-control-allow-credentials-response-header)
On 19 June 2013 12:32, Matthias Wessendorf <matzew at apache.org> wrote:
>
>
>
> On Wed, Jun 19, 2013 at 12:29 PM, Daniel Bevenius <
> daniel.bevenius at gmail.com> wrote:
>
>> I noticed that you are not setting "Access-Control-Allow-Credentials".
>> I'm not sure what the underlying JS is setting .withCredentials on the
>> XMLHttpRequest object, but if it is then this request would fail.
>>
>
>
> tried with and without -> no difference
>
>
>>
>>
>>
>>
>> On 19 June 2013 12:03, Matthias Wessendorf <matzew at apache.org> wrote:
>>
>>>
>>>
>>>
>>> On Wed, Jun 19, 2013 at 11:59 AM, Bruno Oliveira <bruno at abstractj.org>wrote:
>>>
>>>> Have you tried Resteasy mailing list?
>>>>
>>>
>>> that's next :-)
>>>
>>> I guess I wanted a second pair of eyes here :)
>>>
>>>
>>>
>>>>
>>>> Matthias Wessendorf wrote:
>>>> > Hi,
>>>> >
>>>> > trying to add CORS, to the Server (using RestEasy), I did this:
>>>> >
>>>> https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
>>>> >
>>>> > (and some more variations.... (e.g. see the comment out
>>>> > "Access-Control-Allow-Origin", where I am returing the EXACT Origin))
>>>> >
>>>> >
>>>> > Here is a JavaScript sample:
>>>> > http://jsfiddle.net/JY6n4/
>>>> >
>>>> >
>>>> > Just click on the "Register a device" button, and see the errors in
>>>> the
>>>> > console....
>>>> >
>>>> > So, I am always (with the above jsFiddle) getting:
>>>> > Origin http://fiddle.jshell.net <http://fiddle.jshell.net/> is not
>>>> > allowed by Access-Control-Allow-Origin.
>>>> >
>>>> > regardless if I use "*" or "http://fiddle.jshell.net" (explicit
>>>> Origin),
>>>> > on the "Access-Control-Allow-Origin". I always thought that "*"
>>>> is a
>>>> > wildcard.... allowing everybody and their mother to access the server.
>>>> >
>>>> > BTW.
>>>> > This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am
>>>> > really overasked, but ... is it possible that the response is correct
>>>> > (at least the setup / my src), but that RestEasy has any problems with
>>>> > that stuff ??
>>>> >
>>>> >
>>>> > A few more eyes are highly appreciated on this "issue".
>>>> >
>>>> > thanks!!
>>>> > Matthias
>>>> >
>>>> >
>>>> > --
>>>> > Matthias Wessendorf
>>>> >
>>>> > blog: http://matthiaswessendorf.wordpress.com/
>>>> > sessions: http://www.slideshare.net/mwessendorf
>>>> > twitter: http://twitter.com/mwessendorf
>>>> >
>>>> > _______________________________________________
>>>> > aerogear-dev mailing list
>>>> > aerogear-dev at lists.jboss.org
>>>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>> --
>>>> abstractj
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>>
>>> --
>>> Matthias Wessendorf
>>>
>>> blog: http://matthiaswessendorf.wordpress.com/
>>> sessions: http://www.slideshare.net/mwessendorf
>>> twitter: http://twitter.com/mwessendorf
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130619/2ec3c9ed/attachment.html
More information about the aerogear-dev
mailing list