You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2018/09/12 21:02:16 UTC
svn commit: r1840759 - in /tomcat/trunk/webapps/docs: changelog.xml
config/filter.xml
Author: markt
Date: Wed Sep 12 21:02:16 2018
New Revision: 1840759
URL: http://svn.apache.org/viewvc?rev=1840759&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62676
Expand the CORS filter documentation to make it clear that explicit configuration is required to enable support for cross-origin requests.
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/filter.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1840759&r1=1840758&r2=1840759&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Sep 12 21:02:16 2018
@@ -76,6 +76,11 @@
<bug>62712</bug>: Correct NPE in Manager application when attempting to
view configured certificates for an APR/native TLS connector. (markt)
</fix>
+ <fix>
+ <bug>62676</bug>: Expand the CORS filter documentation to make it clear
+ that explicit configuration is required to enable support for
+ cross-origin requests. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
Modified: tomcat/trunk/webapps/docs/config/filter.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1840759&r1=1840758&r2=1840759&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/trunk/webapps/docs/config/filter.xml Wed Sep 12 21:02:16 2018
@@ -116,6 +116,15 @@
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>]]></source>
+ <p>The above configuration enables the filter but does not relax the
+ cross-origin policy. As a minimum, you will need to add a
+ <strong>cors.allowed.origins</strong> initialisation parameter as described
+ below to enable cross-origin requests. Depending on your requirements, you
+ may need to provide additional configuration.</p>
+ <p>An instance of this filter can only implement one policy. If you want to
+ apply different policies (e.g. different allowed origins) to different URLs
+ or sets of URLs within your web application you will need to configure a
+ separate instance of this filter for each policy you wish to configure.</p>
</subsection>
<subsection name="Filter Class Name">
<p>The filter class name for the CORS Filter is
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org