[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] How to update a CrossOriginFilter
|
Hi,
On Wed, Feb 24, 2021 at 4:49 PM Bruno Konik <bruno.konik@xxxxxxxxxxx> wrote:
>
> Hello,
>
> I am using embedded Jetty 9.4.35.
>
> Having a ServletContextHandler with a CORS filter :
>
> FilterHolder cors = context.addFilter(CrossOriginFilter.class, "/*",EnumSet.of(DispatcherType.REQUEST)));
>
> cors.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, authorizedOrigins4AllowOriginHeader);
>
> cors.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET,POST,HEAD,OPTIONS");
>
> cors.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, "X-Requested-With,Content-Type,Accept,Origin,Cache-Control");
>
> cors.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, "false");
>
>
>
> I would like to update my list of authorized origins (authorizedOrigins4AllowOriginHeader) while the server is running without stopping and restarting anything. What is the best way to do that with embedded Jetty ?
Why do you want to do that? I ask because it goes against the security
features that the CORS filter provides, and also I don't see how you
can atomically update the value while other requests are flowing
through the filter?
Consider also that the "Access-Control-Allow-Origin" is an HTTP
response header like others, so applications that have access to the
response object may modify it or even remove it.
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
