[aerogear-dev] CORS: Help needed

Matthias Wessendorf matzew at apache.org
Wed Jun 19 06:51:48 EDT 2013 

On Wed, Jun 19, 2013 at 12:47 PM, Daniel Bevenius <daniel.bevenius at gmail.com
> wrote:

> When you tried that, did you specify the "Access-Control-Allow-Origin" to
> be that of the "Origin" of the request
>

both versions, as said.

https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb#L0R64

that is commented out, and does not work as well



> , or did you use the '*' wildcard?
> It think it would fail unless you specify "*"  (
> http://www.w3.org/TR/cors/#access-control-allow-credentials-response-header
> )
>

not sure what you are asking, but I tried both (separated)

"*"
and/or
"request.getHeader("Origin")", which is the one from the incoming request


see



>
>
>
> On 19 June 2013 12:32, Matthias Wessendorf <matzew at apache.org> wrote:
>
>>
>>
>>
>> On Wed, Jun 19, 2013 at 12:29 PM, Daniel Bevenius <
>> daniel.bevenius at gmail.com> wrote:
>>
>>> I noticed that you are not setting "Access-Control-Allow-Credentials".
>>> I'm not sure what the underlying JS is setting .withCredentials on the
>>> XMLHttpRequest object, but if it is then this request would fail.
>>>
>>
>>
>> tried with and without -> no difference
>>
>>
>>>
>>>
>>>
>>>
>>> On 19 June 2013 12:03, Matthias Wessendorf <matzew at apache.org> wrote:
>>>
>>>>
>>>>
>>>>
>>>> On Wed, Jun 19, 2013 at 11:59 AM, Bruno Oliveira <bruno at abstractj.org>wrote:
>>>>
>>>>> Have you tried Resteasy mailing list?
>>>>>
>>>>
>>>> that's next :-)
>>>>
>>>> I guess I wanted a second pair of eyes here :)
>>>>
>>>>
>>>>
>>>>>
>>>>> Matthias Wessendorf wrote:
>>>>> > Hi,
>>>>> >
>>>>> > trying to add CORS, to the Server (using RestEasy), I did this:
>>>>> >
>>>>> https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
>>>>> >
>>>>> > (and some more variations.... (e.g. see the comment out
>>>>> > "Access-Control-Allow-Origin", where I am returing the EXACT Origin))
>>>>> >
>>>>> >
>>>>> > Here is a JavaScript sample:
>>>>> > http://jsfiddle.net/JY6n4/
>>>>> >
>>>>> >
>>>>> > Just click on the "Register a device" button, and see the errors in
>>>>> the
>>>>> > console....
>>>>> >
>>>>> > So, I am always (with the above jsFiddle) getting:
>>>>> > Origin http://fiddle.jshell.net <http://fiddle.jshell.net/> is not
>>>>> > allowed by Access-Control-Allow-Origin.
>>>>> >
>>>>> > regardless if I use "*" or "http://fiddle.jshell.net" (explicit
>>>>> Origin),
>>>>> > on the "Access-Control-Allow-Origin".     I always thought that "*"
>>>>> is a
>>>>> > wildcard.... allowing everybody and their mother to access the
>>>>> server.
>>>>> >
>>>>> > BTW.
>>>>> > This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am
>>>>> > really overasked, but ... is it possible that the response is correct
>>>>> > (at least the setup / my src), but that RestEasy has any problems
>>>>> with
>>>>> > that stuff ??
>>>>> >
>>>>> >
>>>>> > A few more eyes are highly appreciated on this "issue".
>>>>> >
>>>>> > thanks!!
>>>>> > Matthias
>>>>> >
>>>>> >
>>>>> > --
>>>>> > Matthias Wessendorf
>>>>> >
>>>>> > blog: http://matthiaswessendorf.wordpress.com/
>>>>> > sessions: http://www.slideshare.net/mwessendorf
>>>>> > twitter: http://twitter.com/mwessendorf
>>>>> >
>>>>> > _______________________________________________
>>>>> > aerogear-dev mailing list
>>>>> > aerogear-dev at lists.jboss.org
>>>>> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>> --
>>>>> abstractj
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Matthias Wessendorf
>>>>
>>>> blog: http://matthiaswessendorf.wordpress.com/
>>>> sessions: http://www.slideshare.net/mwessendorf
>>>> twitter: http://twitter.com/mwessendorf
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130619/0ab704b1/attachment-0001.html

More information about the aerogear-dev mailing list