You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Claus Ibsen (JIRA)" <ji...@apache.org> on 2015/10/10 10:01:05 UTC
[jira] [Updated] (CAMEL-9205) REST endpoint with CORS sends invalid
header value for Access-Control-Allow-Origin
[ https://issues.apache.org/jira/browse/CAMEL-9205?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen updated CAMEL-9205:
-------------------------------
Fix Version/s: 2.16.1
2.17.0
2.15.4
> REST endpoint with CORS sends invalid header value for Access-Control-Allow-Origin
> ----------------------------------------------------------------------------------
>
> Key: CAMEL-9205
> URL: https://issues.apache.org/jira/browse/CAMEL-9205
> Project: Camel
> Issue Type: Bug
> Components: rest
> Affects Versions: 2.15.0
> Reporter: Martin Scheffler
> Priority: Minor
> Fix For: 2.15.4, 2.17.0, 2.16.1
>
>
> I tried enabling CORS for our camel REST endpoint and it does not really work.
> The Access-Control-Allow-Origin header is sent, as it should be. Unfortunately the value of the header is "*, *" which is not accepted as correct by newer browser versions.
> Firefox 41.0.1 and Chrome 45.0 both reject this header value and do not allow cross domain access. It seems newer browsers only
> accept a single domain name or "*" and not a list of domains.
> See http://www.w3.org/TR/cors/#access-control-allow-origin-response-header
> So please change the default behavior to send only "*".
> I tried setting the header value manually:
> <restConfiguration component="servlet" bindingMode="json" contextPath="MyService/rest" port="8080" enableCORS="true">
> <corsHeaders key="Access-Control-Allow-Origin" value="localhost"/>
> </restConfiguration>
> But this results in a header value of "*, localhost" which is also not accepted.
> A workaround is to set <corsHeaders key="Access-Control-Allow-Origin" value=""/> which results in a value of "*" for some reason.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)