[aerogear-dev] CORS: Help needed
Matthias Wessendorf
matzew at apache.org
Wed Jun 19 10:52:07 EDT 2013
oh... :)
can u make a PR, against that "cors" branch ?
On Wed, Jun 19, 2013 at 4:43 PM, Apostolos Emmanouilidis <
aemmanou at redhat.com> wrote:
> **
> Hi,
>
> The OPTIONS request method which handles the preflight request is correct
> but CORS headers should be added at the POST method response headers as
> well. I've performed the below changes and it worked. The changes are
> marked with bold.
>
> In addition change the clientIdentifier to alias in the request body.
>
> *private Response makeCORS(ResponseBuilder rb) {*
> * rb.header("Access-Control-Allow-Origin", "*")*
> * .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS,
> PUT, DELETE")*
> * .header("Access-Control-Allow-Headers", "accept, origin,
> ag-mobile-variant, content-type");*
> * *
> * return rb.build();*
> *}*
>
> @POST
> @Consumes(MediaType.APPLICATION_JSON)
> public Response registerInstallation(
> MobileVariantInstanceImpl entity,
> @Context HttpServletRequest request) {
>
> ...
>
> return *makeCORS*(Response.ok(*"[]"*));
>
> }
>
>
> On Wed, 2013-06-19 at 11:52 +0200, Matthias Wessendorf wrote:
>
> Hi,
>
>
>
> trying to add CORS, to the Server (using RestEasy), I did this:
>
> https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
>
>
>
> (and some more variations.... (e.g. see the comment out
> "Access-Control-Allow-Origin", where I am returing the EXACT Origin))
>
>
>
>
>
> Here is a JavaScript sample:
>
> http://jsfiddle.net/JY6n4/
>
>
>
>
>
> Just click on the "Register a device" button, and see the errors in the
> console....
>
>
>
> So, I am always (with the above jsFiddle) getting:
>
> Origin http://fiddle.jshell.net is not allowed by
> Access-Control-Allow-Origin.
>
>
>
> regardless if I use "*" or "http://fiddle.jshell.net" (explicit Origin),
> on the "Access-Control-Allow-Origin". I always thought that "*" is a
> wildcard.... allowing everybody and their mother to access the server.
>
>
>
> BTW.
>
> This happens with jQuery _and_ vanilla.js (XHR)..... So....... I am
> really overasked, but ... is it possible that the response is correct (at
> least the setup / my src), but that RestEasy has any problems with that
> stuff ??
>
>
>
>
>
> A few more eyes are highly appreciated on this "issue".
>
>
>
> thanks!!
>
> Matthias
>
>
>
>
> _______________________________________________
> aerogear-dev mailing listaerogear-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130619/f7e7d97a/attachment-0001.html
More information about the aerogear-dev
mailing list