tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose María Zaragoza <demablo...@gmail.com>
Subject Re: CORS issue with Tomcat and Android Webview
Date Mon, 28 Apr 2014 20:08:55 GMT
2014-04-28 21:55 GMT+02:00 Terence M. Bandoian <terence@tmbsw.com>:
> On 4/26/2014 6:56 AM, Jose María Zaragoza wrote:
>>
>> 2014-04-26 13:16 GMT+02:00 Martin Gainty <mgainty@hotmail.com>:
>>>>
>>>> Date: Sat, 26 Apr 2014 11:43:05 +0530
>>>> Subject: Re: CORS issue with Tomcat and Android Webview
>>>> From: ankisinghal@gmail.com
>>>> To: users@tomcat.apache.org
>>>>
>>>> On Sat, Apr 26, 2014 at 12:53 AM, Terence M. Bandoian
>>>> <terence@tmbsw.com>wrote:
>>>>
>>>>> On 4/24/2014 11:16 PM, Ankit Singhal wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I did more research on this and figure out the issue.If you see the
>>>>>> headers
>>>>>> from Android and look into Origin Header.
>>>>>>
>>>>>> Origin: file://
>>>>>>
>>>>>> Tomcat CORS filter tries to validate the URI in Origin header and
>>>>>> considers
>>>>>> "file://" as an invalid URI and returns back 403.
>>>>>>
>>>>>> I have applied <accept-origin>*</accept-origin> params.
So shouldn't
>>>>>> CORS
>>>>>> filter honor this ?
>>>>>>
>>>>>> I agree that Client also has the problem , but still server should
>>>>>> also
>>>>>> allow...
>>>>>>
>> Hi:
>>
>> I'm watching this flowchart
>> https://tomcat.apache.org/tomcat-7.0-doc/images/cors-flowchart.png
>>
>> and I wonder if Tomcat 7 checks if the request received belongs to the
>> right type.
>> I mean, if browser sends a simple request ( eg. POST + application/xml
>> content-type header )
>> WC3 spec says that request should be a preflight request  , does
>> Tomcat check this case ?
>>
>>
>>
>> Regards
>>
>
>
> Hi, Jose-
>
> I don't see where the W3C spec requires a preflight request for simple
> requests.
>
>
> -Terence Bandoian


Sorry, I meant non-simple request.
For example, if I perform a cross-domain POST request (within
application/xml content-type header ),
I guess that a preflight request is required , right ?
What happens, if it's not sent , on Tomcat? Should it check it ?

Regards










>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message