camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Scheffler (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CAMEL-9205) REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin
Date Fri, 09 Oct 2015 08:00:35 GMT
Martin Scheffler created CAMEL-9205:
---------------------------------------

             Summary: REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin
                 Key: CAMEL-9205
                 URL: https://issues.apache.org/jira/browse/CAMEL-9205
             Project: Camel
          Issue Type: Bug
          Components: rest
    Affects Versions: 2.15.0
            Reporter: Martin Scheffler
            Priority: Minor


I tried enabling CORS for our camel REST endpoint and it does not really work.
The Access-Control-Allow-Origin header is sent, as it should be. Unfortunately the value of
the header is "*, *" which is not accepted as correct by newer browser versions.
Firefox 41.0.1 and Chrome 45.0 both reject this header value and do not allow cross domain
access. It seems newer browsers only
accept a single domain name or "*" and not a list of domains. 

See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header

So please change the default behavior to send only "*".

I tried setting the header value manually:

<restConfiguration component="servlet" bindingMode="json" contextPath="MyService/rest"
port="8080" enableCORS="true">           
      <corsHeaders key="Access-Control-Allow-Origin" value="localhost"/>           
</restConfiguration>

But this results in a header value of "*, localhost" which is also not accepted.

A workaround is to set <corsHeaders key="Access-Control-Allow-Origin" value=""/>  which
results in a value of "*" for some reason.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message