[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[jetty-users] CrossOriginFilter and PUT requests
|
We have been trying to get PUT requests work correctly with the
CrossOriginFilter. We have the following definition in web.xml
<filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter
</filter-class>
<init-param>
<param-name>allowedMethods</param-name>
<param-value>GET,POST,PUT,OPTIONS,HEAD</param-value>
</init-param>
</filter>
However, we observe that PUT requests still fail.
The pre-flight response is:
Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, HEAD
But when the actual PUT request is made the filter returns a 405. This
seems be due to the way the method isMethodAllowed in the filter is
structured. The method checks to see if the header
Access-Control-Request-Method is present. However, for the actual PUT
request browsers (at least Firefox in my limited testing) do not send
this header; it is sent only for the pre-flight OPTIONS request.
This page also seems to suggest that the browsers will not send this
header for the actual PUT request:
http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request
Can some one on the list please assist me with this? Is this a bug in
the filter?
Regards,
Krishna