Support 'null' origin #7
Conversation
|
Hi guys, any update on this? I am actually encountering this problem. The use case is to use Cordova to build a hybrid app which talks to an API server that uses this CORS filter. Because the request is made from a file in Cordova, the Origin is set to file:// which is interpreted as null and hit this error. |
|
Hi Alvin, I'm kind of guessing this project is abandoned unfortunately.. FWIW since I'm guessing you're using this with HAPI, there is a copy of CorsFilter with the patch applied here] in HAPI. You could always do the same and copy the class into your own project.. It doesn't need any external dependencies. Another alternative is to use Spring Security's CORS filter instead. I am kind of leaning towards updating HAPI's documentation to recommend using that instead, since it does more than just CORS and you can use it without using the rest of Spring if you want. |
|
@jamesagnew and @alvinleonard Sorry for not responding earlier. This project is not being maintained very actively, specially after donation to Apache Tomcat project. This issue has already been fixed in Tomcat's code base: https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/filters/CorsFilter.java#L825 Can either of you please update this PR with changes from Tomcat's code base, and then I can work towards releasing a fresh version of this ? |
|
Hi @jamesagnew, yep I am using this with HAPI JPA server. The particular case I am encountering is the case where the Origin is set to file:// by Cordova for any POST requests. It looks like the code in Tomcat project has been updated to support that: @mohitsoni I'll give the PR a go. |
|
Hi @mohitsoni, I've created the PR here: #13. Pulled both the null and file:// checks from Tomcat project. |
When using HTML which is deployed to a local hard drive, the browser will issue a CORS preflight request with an Origin header of "Origin: null".
Currently CORSFilter treats this as an invalid preflight request even if the filter is configured to allow origin "*". This pull request lets the filter allow this through.