[aerogear-dev] CORS: Help needed

Matthias Wessendorf matzew at apache.org
Wed Jun 19 10:52:07 EDT 2013


oh... :)

can u make a PR, against that "cors" branch ?


On Wed, Jun 19, 2013 at 4:43 PM, Apostolos Emmanouilidis <
aemmanou at redhat.com> wrote:

> **
> Hi,
>
> The OPTIONS request method which handles the preflight request is correct
> but CORS headers should be added at the POST method response headers as
> well. I've performed the below changes and it worked. The changes are
> marked with bold.
>
> In addition change the clientIdentifier to alias in the request body.
>
> *private Response makeCORS(ResponseBuilder rb) {*
> *    rb.header("Access-Control-Allow-Origin", "*")*
> *        .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS,
> PUT, DELETE")*
> *        .header("Access-Control-Allow-Headers", "accept, origin,
> ag-mobile-variant, content-type");*
> *        *
> *    return rb.build();*
> *}*
>
> @POST
> @Consumes(MediaType.APPLICATION_JSON)
> public Response registerInstallation(
>     MobileVariantInstanceImpl entity,
>     @Context HttpServletRequest request) {
>
> ...
>
> return *makeCORS*(Response.ok(*"[]"*));
>
> }
>
>
> On Wed, 2013-06-19 at 11:52 +0200, Matthias Wessendorf wrote:
>
> Hi,
>
>
>
>  trying to add CORS, to the Server (using RestEasy), I did this:
>
>  https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
>
>
>
>  (and some more variations.... (e.g. see the comment out
> "Access-Control-Allow-Origin", where I am returing the EXACT Origin))
>
>
>
>
>
>  Here is a JavaScript sample:
>
>  http://jsfiddle.net/JY6n4/
>
>
>
>
>
>  Just click on the "Register a device" button, and see the errors in the
> console....
>
>
>
>  So, I am always (with the above jsFiddle) getting:
>
>  Origin http://fiddle.jshell.net is not allowed by
> Access-Control-Allow-Origin.
>
>
>
>  regardless if I use "*" or "http://fiddle.jshell.net" (explicit Origin),
> on the "Access-Control-Allow-Origin".     I always thought that "*" is a
> wildcard.... allowing everybody and their mother to access the server.
>
>
>
>  BTW.
>
>  This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am
> really overasked, but ... is it possible that the response is correct (at
> least the setup / my src), but that RestEasy has any problems with that
> stuff ??
>
>
>
>
>
>  A few more eyes are highly appreciated on this "issue".
>
>
>
>  thanks!!
>
>  Matthias
>
>
>
>
>  _______________________________________________
> aerogear-dev mailing listaerogear-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130619/f7e7d97a/attachment-0001.html 


More information about the aerogear-dev mailing list