activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Schröder (Commented) (JIRA) <j...@apache.org>
Subject [jira] [Commented] (APLO-188) Support allowing cross origin resource sharing (CORS) of web admin APIs
Date Tue, 17 Apr 2012 22:08:18 GMT

    [ https://issues.apache.org/jira/browse/APLO-188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13255991#comment-13255991
] 

Martin Schröder commented on APLO-188:
--------------------------------------

I don't agree that the implementation of CORS is complete. If you request data of type application/json
the browser issues a preflight request "OPTIONS" which the webserver must respond to with
required headers (like stated in the description of this bug report). At the moment this is
not the case using Apollo 1.2 as the headers "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers"
are missing.
                
> Support allowing cross origin resource sharing (CORS) of web admin APIs
> -----------------------------------------------------------------------
>
>                 Key: APLO-188
>                 URL: https://issues.apache.org/jira/browse/APLO-188
>             Project: ActiveMQ Apollo
>          Issue Type: Bug
>          Components: apollo-web
>    Affects Versions: 1.2
>         Environment: Debian Wheezy
>            Reporter: Torben Fitschen
>            Assignee: Hiram Chirino
>
> Request header field Authorization is not allowed by Access-Control-Allow-Headers.
> --------------------------------------------------------------------------------
> Request Headers:
> OPTIONS /broker.json HTTP/1.1
> Host: 192.168.1.2:61680
> Connection: keep-alive
> Cache-Control: max-age=0
> Access-Control-Request-Method: GET
> Origin: http://192.168.1.1
> Pragma: no-cache
> Access-Control-Request-Headers: origin, authorization, accept
> Accept: */*
> --------------------------------------------------------------------------------
> Required Response Headers:
> Access-Control-Allow-Origin
> Access-Control-Allow-Methods
> Access-Control-Allow-Headers
> --------------------------------------------------------------------------------
> http://www.html5rocks.com/en/tutorials/cors/

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

Mime
View raw message