X-HTTP-Method-Override and CrossOriginResourceSharingFilter

[Sebastien Arod <se...@gmail.com>]

Hi,

I have a single page application running in the browser that interacts with
a cxf rest api. The application javascript code and the REST api are served
by different servers so I configured CrossOriginResourceSharingFilter and
everything works fine.

However in order to workaround an issue with a proxy not supporting PATCH
method I configured my client code to rewrite PATCH request to POST +
X-HTTP-Method-Override:PATCH.

The problem is that POST + X-HTTP-Method-Override:PATCH doesn't seem to
play well with CrossOriginResourceSharingFilter because
CrossOriginResourceSharingFilter tries to lookup a REST resource doing POST
instead of PATCH and so the preflight request is rejected.

Looking at the CrossOriginResourceSharingFilter code I found the there is a
findResourceMethod configuration can be used to skip the lookup of the
resource method and it seems to work when I configure
findResourceMethod=true.

So I have 3 questions:

   - Is this property supposed to be used for such situations?
   - What do I loose when configuring findResourceMethod=true except the
   check that ?
   - Shouldn't CrossOriginResourceSharingFilter skip or loosen the resource
   lookup by default if the preflight request contains a
   X-HTTP-Method-Override in "Access-Control-Request-Headers"?

Thanks,
-Seb