[aerogear-dev] CORS: Help needed

Apostolos Emmanouilidis aemmanou at redhat.com
Wed Jun 19 10:43:08 EDT 2013


Hi,

The OPTIONS request method which handles the preflight request is
correct but CORS headers should be added at the POST method response
headers as well. I've performed the below changes and it worked. The
changes are marked with bold.

In addition change the clientIdentifier to alias in the request body.

private Response makeCORS(ResponseBuilder rb) {
    rb.header("Access-Control-Allow-Origin", "*")
        .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS,
PUT, DELETE")
        .header("Access-Control-Allow-Headers", "accept, origin,
ag-mobile-variant, content-type");
        
    return rb.build();
}
    
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response registerInstallation(
    MobileVariantInstanceImpl entity,
    @Context HttpServletRequest request) {

...

return makeCORS(Response.ok("[]"));
}


On Wed, 2013-06-19 at 11:52 +0200, Matthias Wessendorf wrote:
> Hi,
> 
> 
> 
> trying to add CORS, to the Server (using RestEasy), I did this:
> https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
> 
> 
> (and some more variations.... (e.g. see the comment out
> "Access-Control-Allow-Origin", where I am returing the EXACT Origin))
> 
> 
> 
> 
> Here is a JavaScript sample:
> http://jsfiddle.net/JY6n4/
> 
> 
> 
> 
> 
> Just click on the "Register a device" button, and see the errors in
> the console....
> 
> 
> So, I am always (with the above jsFiddle) getting:
> Origin http://fiddle.jshell.net is not allowed by
> Access-Control-Allow-Origin. 
> 
> 
> 
> regardless if I use "*" or "http://fiddle.jshell.net" (explicit
> Origin), on the "Access-Control-Allow-Origin".     I always thought
> that "*" is a wildcard.... allowing everybody and their mother to
> access the server. 
> 
> 
> BTW.
> This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am
> really overasked, but ... is it possible that the response is correct
> (at least the setup / my src), but that RestEasy has any problems with
> that stuff ??
> 
> 
> 
> 
> 
> A few more eyes are highly appreciated on this "issue".
> 
> 
> thanks!!
> Matthias
> 
> 
> 
> 
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130619/1b06ae4e/attachment.html 


More information about the aerogear-dev mailing list