Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] CrossOriginFilter and PUT requests

We have been trying to get PUT requests work correctly with the
CrossOriginFilter. We have the following definition in web.xml

	<filter>
		<filter-name>cross-origin</filter-name>
		<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter
		</filter-class>
		<init-param>
			<param-name>allowedMethods</param-name>
			<param-value>GET,POST,PUT,OPTIONS,HEAD</param-value>
		</init-param>
        </filter>

However, we observe that PUT requests still fail.

The pre-flight response is:

Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, HEAD

But when the actual PUT request is made the filter returns a 405. This
seems be due to the way the method isMethodAllowed in the filter is
structured. The method checks to see if the header
Access-Control-Request-Method is present. However, for the actual PUT
request browsers (at least Firefox in my limited testing) do not send
this header; it is sent only for the pre-flight OPTIONS request.

This page also seems to suggest that the browsers will not send this
header for the actual PUT request:
http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request

Can some one on the list please assist me with this? Is this a bug in
the filter?

Regards,
Krishna


Back to the top