[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] CrossOriginFilter and PUT requests
|
Hi,
On Mon, Dec 5, 2011 at 19:17, Krishna Sundaresan <calvinkrishy@xxxxxxxxx> wrote:
> We have been trying to get PUT requests work correctly with the
> CrossOriginFilter. We have the following definition in web.xml
>
> <filter>
> <filter-name>cross-origin</filter-name>
> <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter
> </filter-class>
> <init-param>
> <param-name>allowedMethods</param-name>
> <param-value>GET,POST,PUT,OPTIONS,HEAD</param-value>
> </init-param>
> </filter>
>
> However, we observe that PUT requests still fail.
>
> The pre-flight response is:
>
> Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS, HEAD
>
> But when the actual PUT request is made the filter returns a 405. This
> seems be due to the way the method isMethodAllowed in the filter is
> structured. The method checks to see if the header
> Access-Control-Request-Method is present. However, for the actual PUT
> request browsers (at least Firefox in my limited testing) do not send
> this header; it is sent only for the pre-flight OPTIONS request.
>
> This page also seems to suggest that the browsers will not send this
> header for the actual PUT request:
> http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request
>
> Can some one on the list please assist me with this? Is this a bug in
> the filter?
Yes, looks like a bug.
Can you please file an issue in bugzilla ?
Thanks,
Simon
--
http://cometd.org
http://intalio.com
http://bordet.blogspot.com
----
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz