You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2018/09/05 08:17:53 UTC

[Bug 62676] New: Documentation of CORS Filter is now misleading

https://bz.apache.org/bugzilla/show_bug.cgi?id=62676

            Bug ID: 62676
           Summary: Documentation of CORS Filter is now misleading
           Product: Tomcat 8
           Version: 8.5.x-trunk
          Hardware: PC
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Documentation
          Assignee: dev@tomcat.apache.org
          Reporter: manolan@gmail.com
  Target Milestone: ----

This is partially a re-report of 62455, but with a more current version
reported.

The documentation says that the minimal configuration of the CORS Filter is:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

This was true when the default for cors.allowed.origins was * (e.g.
https://web.archive.org/web/20180213064017/https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#CORS_Filter),
but in the .53 release, it was changed to empty string per bug 62343.

The documentation should be updated with either a comment that the minimal
configuration doesn't allow any access (so, what's the point?) or with the
equivalent new configuration:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 62676] Documentation of CORS Filter is now misleading

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62676

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
                 OS|                            |All
             Status|NEW                         |RESOLVED

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for the report. I've added some additional wording to the docs.

Fixed in:
- trunk for 9.0.13 onwards
- 8.5.x for 8.5.35 onwards
- 7.0.x for 7.0.91 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org