[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] CrossOriginFilter and PUT requests
|
On Tue, Dec 6, 2011 at 04:27, Simone Bordet <sbordet@xxxxxxxxxxx> wrote:
> Hi,
>
> On Mon, Dec 5, 2011 at 19:17, Krishna Sundaresan <calvinkrishy@xxxxxxxxx> wrote:
>> We have been trying to get PUT requests work correctly with the
>> CrossOriginFilter. We have the following definition in web.xml
>>
>> <filter>
>> <filter-name>cross-origin</filter-name>
>> <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter
>> </filter-class>
>> <init-param>
>> <param-name>allowedMethods</param-name>
>> <param-value>GET,POST,PUT,OPTIONS,HEAD</param-value>
>> </init-param>
>> </filter>
>>
>> However, we observe that PUT requests still fail.
>>
>> The pre-flight response is:
>>
>> Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, HEAD
>>
>> But when the actual PUT request is made the filter returns a 405. This
>> seems be due to the way the method isMethodAllowed in the filter is
>> structured. The method checks to see if the header
>> Access-Control-Request-Method is present. However, for the actual PUT
>> request browsers (at least Firefox in my limited testing) do not send
>> this header; it is sent only for the pre-flight OPTIONS request.
>>
>> This page also seems to suggest that the browsers will not send this
>> header for the actual PUT request:
>> http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request
>>
>> Can some one on the list please assist me with this? Is this a bug in
>> the filter?
>
> Yes, looks like a bug.
> Can you please file an issue in bugzilla ?
Thanks.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=365746
