camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Claus Ibsen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CAMEL-9205) REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin
Date Sat, 10 Oct 2015 07:42:05 GMT

    [ https://issues.apache.org/jira/browse/CAMEL-9205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14951676#comment-14951676
] 

Claus Ibsen commented on CAMEL-9205:
------------------------------------

Try with a newer release as the default is set to a * only. So not sure why its *, * in your
example.

> REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin
> ----------------------------------------------------------------------------------
>
>                 Key: CAMEL-9205
>                 URL: https://issues.apache.org/jira/browse/CAMEL-9205
>             Project: Camel
>          Issue Type: Bug
>          Components: rest
>    Affects Versions: 2.15.0
>            Reporter: Martin Scheffler
>            Priority: Minor
>
> I tried enabling CORS for our camel REST endpoint and it does not really work.
> The Access-Control-Allow-Origin header is sent, as it should be. Unfortunately the value
of the header is "*, *" which is not accepted as correct by newer browser versions.
> Firefox 41.0.1 and Chrome 45.0 both reject this header value and do not allow cross domain
access. It seems newer browsers only
> accept a single domain name or "*" and not a list of domains. 
> See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
> So please change the default behavior to send only "*".
> I tried setting the header value manually:
> <restConfiguration component="servlet" bindingMode="json" contextPath="MyService/rest"
port="8080" enableCORS="true">           
>       <corsHeaders key="Access-Control-Allow-Origin" value="localhost"/>      
    
> </restConfiguration>
> But this results in a header value of "*, localhost" which is also not accepted.
> A workaround is to set <corsHeaders key="Access-Control-Allow-Origin" value=""/>
 which results in a value of "*" for some reason.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message