You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/09/12 21:02:16 UTC

svn commit: r1840759 - in /tomcat/trunk/webapps/docs: changelog.xml config/filter.xml

Author: markt
Date: Wed Sep 12 21:02:16 2018
New Revision: 1840759

URL: http://svn.apache.org/viewvc?rev=1840759&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62676
Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests.

Modified:
    tomcat/trunk/webapps/docs/changelog.xml
    tomcat/trunk/webapps/docs/config/filter.xml

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1840759&r1=1840758&r2=1840759&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Sep 12 21:02:16 2018
@@ -76,6 +76,11 @@
         <bug>62712</bug>: Correct NPE in Manager application when attempting to
         view configured certificates for an APR/native TLS connector. (markt)
       </fix>
+      <fix>
+        <bug>62676</bug>: Expand the CORS filter documentation to make it clear
+        that explicit configuration is required to enable support for
+        cross-origin requests. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">

Modified: tomcat/trunk/webapps/docs/config/filter.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1840759&r1=1840758&r2=1840759&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/trunk/webapps/docs/config/filter.xml Wed Sep 12 21:02:16 2018
@@ -116,6 +116,15 @@
   <filter-name>CorsFilter</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>]]></source>
+    <p>The above configuration enables the filter but does not relax the
+    cross-origin policy. As a minimum, you will need to add a
+    <strong>cors.allowed.origins</strong> initialisation parameter as described
+    below to enable cross-origin requests. Depending on your requirements, you
+    may need to provide additional configuration.</p>
+    <p>An instance of this filter can only implement one policy. If you want to
+    apply different policies (e.g. different allowed origins) to different URLs
+    or sets of URLs within your web application you will need to configure a
+    separate instance of this filter for each policy you wish to configure.</p>
   </subsection>
   <subsection name="Filter Class Name">
     <p>The filter class name for the CORS Filter is



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org