[aerogear-dev] CORS: Help needed

Apostolos Emmanouilidis aemmanou at redhat.com
Wed Jun 19 10:58:03 EDT 2013


sure :)

On Wed, 2013-06-19 at 16:52 +0200, Matthias Wessendorf wrote:
> oh... :) 
> 
> 
> can u make a PR, against that "cors" branch ? 
> 
> 
> On Wed, Jun 19, 2013 at 4:43 PM, Apostolos Emmanouilidis
> <aemmanou at redhat.com> wrote:
>         Hi,
>         
>         The OPTIONS request method which handles the preflight request
>         is correct but CORS headers should be added at the POST method
>         response headers as well. I've performed the below changes and
>         it worked. The changes are marked with bold.
>         
>         In addition change the clientIdentifier to alias in the
>         request body.
>         
>         private Response makeCORS(ResponseBuilder rb) {
>             rb.header("Access-Control-Allow-Origin", "*")
>                 .header("Access-Control-Allow-Methods", "GET, POST,
>         OPTIONS, PUT, DELETE")
>                 .header("Access-Control-Allow-Headers", "accept,
>         origin, ag-mobile-variant, content-type");
>                 
>             return rb.build();
>         }
>             
>         @POST
>         @Consumes(MediaType.APPLICATION_JSON)
>         public Response registerInstallation(
>             MobileVariantInstanceImpl entity,
>             @Context HttpServletRequest request) {
>         
>         ...
>         
>         return makeCORS(Response.ok("[]"));
>         
>         }
>         
>         
>         On Wed, 2013-06-19 at 11:52 +0200, Matthias Wessendorf wrote: 
>         > Hi,
>         > 
>         > 
>         > trying to add CORS, to the Server (using RestEasy), I did
>         > this:
>         > https://github.com/aerogear/aerogear-unified-push-server/commit/7ccb2e7fb
>         > 
>         > 
>         > (and some more variations.... (e.g. see the comment out
>         > "Access-Control-Allow-Origin", where I am returing the EXACT
>         > Origin))
>         > 
>         > 
>         > 
>         > 
>         > Here is a JavaScript sample:
>         > http://jsfiddle.net/JY6n4/
>         > 
>         > 
>         > 
>         > 
>         > 
>         > Just click on the "Register a device" button, and see the
>         > errors in the console....
>         > 
>         > 
>         > So, I am always (with the above jsFiddle) getting:
>         > Origin http://fiddle.jshell.net is not allowed by
>         > Access-Control-Allow-Origin. 
>         > 
>         > 
>         > 
>         > regardless if I use "*" or
>         > "http://fiddle.jshell.net" (explicit Origin), on the
>         > "Access-Control-Allow-Origin".     I always thought that "*"
>         > is a wildcard.... allowing everybody and their mother to
>         > access the server. 
>         > 
>         > 
>         > BTW.
>         > This happens with jQuery _and_ vanilla.js (XHR).....
>         > So....... I am really overasked, but ... is it possible that
>         > the response is correct (at least the setup / my src), but
>         > that RestEasy has any problems with that stuff ??
>         > 
>         > 
>         > 
>         > 
>         > 
>         > A few more eyes are highly appreciated on this "issue".
>         > 
>         > 
>         > thanks!!
>         > Matthias
>         > 
>         > 
>         > 
>         > _______________________________________________
>         > aerogear-dev mailing list
>         > aerogear-dev at lists.jboss.org
>         > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>         
>         
>         
>         _______________________________________________
>         aerogear-dev mailing list
>         aerogear-dev at lists.jboss.org
>         https://lists.jboss.org/mailman/listinfo/aerogear-dev
> 
> 
> 
> 
> -- 
> Matthias Wessendorf 
> 
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev




More information about the aerogear-dev mailing list