camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin
Date Fri, 09 Oct 2015 07:47:45 GMT
Hi

Thanks for reporting.

You are very welcome to log a JIRA and provide a patch
http://camel.apache.org/support.html

We love contributions
http://camel.apache.org/contributing.html

On Fri, Oct 9, 2015 at 9:22 AM, Martin Scheffler
<martinscheffler@gmail.com> wrote:
> Hi all,
>
> I tried enabling CORS for our camel REST endpoint and it does not really
> work.
> The Access-Control-Allow-Origin header is sent, as it should be.
> Unfortunately the value of the header is "*, *" which is not accepted as
> correct by newer browser versions.
> Firefox 41.0.1 and Chrome 45.0 both reject this header value and do not
> allow cross domain access. It seems newer browsers only
> accept a single domain name or "*" and not a list of domains.
>
> See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
>
> So please change the default behavior to send only "*".
>
> I tried setting the header value manually:
>
> <restConfiguration component="servlet" bindingMode="json"
> contextPath="MyService/rest" port="8080" enableCORS="true">
>       <corsHeaders key="Access-Control-Allow-Origin"
> value="localhost"/>
> </restConfiguration>
>
> But this results in a header value of "*, localhost" which is also not
> accepted.
>
> A workaround is to set <corsHeaders key="Access-Control-Allow-Origin"
> value=""/>  which results in a value of "*" for some reason.
>
> Cheers,
> Martin



-- 
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2nd edition:
https://www.manning.com/books/camel-in-action-second-edition

Mime
View raw message