[aerogear-dev] CORS: Help needed
Apostolos Emmanouilidis
aemmanou at redhat.com
Wed Jun 19 10:58:03 EDT 2013
sure :)
On Wed, 2013-06-19 at 16:52 +0200, Matthias Wessendorf wrote:
> oh... :)
>
>
> can u make a PR, against that "cors" branch ?
>
>
> On Wed, Jun 19, 2013 at 4:43 PM, Apostolos Emmanouilidis
> <aemmanou at redhat.com> wrote:
> Hi,
>
> The OPTIONS request method which handles the preflight request
> is correct but CORS headers should be added at the POST method
> response headers as well. I've performed the below changes and
> it worked. The changes are marked with bold.
>
> In addition change the clientIdentifier to alias in the
> request body.
>
> private Response makeCORS(ResponseBuilder rb) {
> rb.header("Access-Control-Allow-Origin", "*")
> .header("Access-Control-Allow-Methods", "GET, POST,
> OPTIONS, PUT, DELETE")
> .header("Access-Control-Allow-Headers", "accept,
> origin, ag-mobile-variant, content-type");
>
> return rb.build();
> }
>
> @POST
> @Consumes(MediaType.APPLICATION_JSON)
> public Response registerInstallation(
> MobileVariantInstanceImpl entity,
> @Context HttpServletRequest request) {
>
> ...
>
> return makeCORS(Response.ok("[]"));
>
> }
>
>
> On Wed, 2013-06-19 at 11:52 +0200, Matthias Wessendorf wrote:
> > Hi,
> >
> >
> > trying to add CORS, to the Server (using RestEasy), I did
> > this:
> > https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
> >
> >
> > (and some more variations.... (e.g. see the comment out
> > "Access-Control-Allow-Origin", where I am returing the EXACT
> > Origin))
> >
> >
> >
> >
> > Here is a JavaScript sample:
> > http://jsfiddle.net/JY6n4/
> >
> >
> >
> >
> >
> > Just click on the "Register a device" button, and see the
> > errors in the console....
> >
> >
> > So, I am always (with the above jsFiddle) getting:
> > Origin http://fiddle.jshell.net is not allowed by
> > Access-Control-Allow-Origin.
> >
> >
> >
> > regardless if I use "*" or
> > "http://fiddle.jshell.net" (explicit Origin), on the
> > "Access-Control-Allow-Origin". I always thought that "*"
> > is a wildcard.... allowing everybody and their mother to
> > access the server.
> >
> >
> > BTW.
> > This happens with jQuery _and_ vanilla.js (XHR).....
> > So....... I am really overasked, but ... is it possible that
> > the response is correct (at least the setup / my src), but
> > that RestEasy has any problems with that stuff ??
> >
> >
> >
> >
> >
> > A few more eyes are highly appreciated on this "issue".
> >
> >
> > thanks!!
> > Matthias
> >
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list