Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 74F8B200B76 for ; Tue, 16 Aug 2016 06:28:04 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 73979160AB8; Tue, 16 Aug 2016 04:28:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B832B160AA7 for ; Tue, 16 Aug 2016 06:28:03 +0200 (CEST) Received: (qmail 56567 invoked by uid 500); 16 Aug 2016 04:28:02 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 56557 invoked by uid 99); 16 Aug 2016 04:28:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Aug 2016 04:28:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 492E7C17FC for ; Tue, 16 Aug 2016 04:28:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.481 X-Spam-Level: X-Spam-Status: No, score=0.481 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.519] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id Q3kqJc5P804q for ; Tue, 16 Aug 2016 04:28:00 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id E1E625FBB8 for ; Tue, 16 Aug 2016 04:27:59 +0000 (UTC) Received: from asf-bz1-us-mid.priv.apache.org (nat1-us-mid.apache.org [23.253.172.122]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTPS id 08A44E01AB for ; Tue, 16 Aug 2016 04:27:59 +0000 (UTC) Received: by asf-bz1-us-mid.priv.apache.org (ASF Mail Server at asf-bz1-us-mid.priv.apache.org, from userid 33) id E88D960DCA; Tue, 16 Aug 2016 04:27:57 +0000 (UTC) From: bugzilla@apache.org To: dev@tomcat.apache.org Subject: [Bug 60008] New: Tomcat CORS filter not allowing origin with file:// when resource access done from WebView Date: Tue, 16 Aug 2016 04:27:57 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Tomcat 8 X-Bugzilla-Component: Catalina X-Bugzilla-Version: 8.0.30 X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: schandra@kodiakptt.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: dev@tomcat.apache.org X-Bugzilla-Target-Milestone: ---- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bz.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 archived-at: Tue, 16 Aug 2016 04:28:04 -0000 https://bz.apache.org/bugzilla/show_bug.cgi?id=60008 Bug ID: 60008 Summary: Tomcat CORS filter not allowing origin with file:// when resource access done from WebView Product: Tomcat 8 Version: 8.0.30 Hardware: PC OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: schandra@kodiakptt.com The CORS filter not allowing request and returning 403 when the request is as follows. Request Headers POST http://kodiakptt.com/poc/ HTTP/1.1 Accept: application/json, text/plain, */* Origin: file:// User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; XT1033 Build/KXB20.25-1.31) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36 Content-Type: application/json;charset=UT We have a app which accesses the resource from tomcat web server, if UI is part of the app and using hosted JSCDE/mobile API js file, the webview send the request with Origin: file:// which tomcat rejects with 403 Forbidden. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org