I am using this filter in a *.WAR deployed on Tomcat 8.5. I am seeing curly braces, '{' and '}', in the response headers. This causes failure in Firefox 66.
For example, in my cors.properties file, I set
cors.supportedMethods: { GET, POST, HEAD, PUT, DELETE }
The response header is
Access-Control-Allow-Methods: HEAD, DELETE, POST, GET, {, }, PUT
For a cors.properties setting of
cors.supportedMethods: { GET, POST, HEAD, PUT, DELETE, OPTIONS }
The response header is
Access-Control-Allow-Methods: HEAD, DELETE, POST, GET, {, OPTIONS, }, PUT
Safari 12 and Chrome 73 and Canary 75 don't mind, but Firefox fails with these console messages:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8888/oasrest/login. (Reason: invalid token ‘{’ in CORS header ‘Access-Control-Allow-Methods’).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8888/oasrest/login. (Reason: CORS request did not succeed).
Comments (5)
-
reporter I am using v2.6 from Maven Central.
-
Hi Thad!
Would you be interested in submitting a pull request?
-
reporter Honestly I wouldn't know where to start. In any case, for now we've switched to https://github.com/eBay/cors-filter (old, but seems to meet our needs).
-
reporter - changed status to resolved
Never mind. Relooked at this today, and found that our config file had curly brackets around the value for cors.supportedMethods. Sorry for the trouble.
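A pre-deployment check for the misconfiguration resolved above, as an added example that is not part of the thread or of the filter's own code: it reads the cors.supportedMethods value and flags any entry that is not a valid HTTP token (RFC 7230), which is the condition Firefox rejected. Splitting on commas and whitespace is an assumption inferred from the headers quoted in the report, and the function names are hypothetical.

```python
import re

# RFC 7230 section 3.2.6: an HTTP method name is a "token" built from tchar.
# '{' and '}' are not tchar, so they can never be valid method names.
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def read_property(text, key):
    """Return the value of `key` from Java-properties-style text, or None."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) == key:
            return m.group(2)
    return None


def split_methods(value):
    # Assumption: entries are separated by commas and/or whitespace, which is
    # consistent with '{' and '}' showing up as separate header entries.
    return [t for t in re.split(r"[,\s]+", value) if t]


def lint_supported_methods(text, key="cors.supportedMethods"):
    """Return (valid_methods, invalid_tokens) for the configured method list."""
    value = read_property(text, key)
    if value is None:
        return [], []
    tokens = split_methods(value)
    good = [t for t in tokens if TOKEN_RE.fullmatch(t)]
    bad = [t for t in tokens if not TOKEN_RE.fullmatch(t)]
    return good, bad


# Constructed samples: the setting from the report and the corrected form.
BROKEN = "cors.supportedMethods: { GET, POST, HEAD, PUT, DELETE }\n"
FIXED = "cors.supportedMethods: GET, POST, HEAD, PUT, DELETE\n"

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        good, bad = lint_supported_methods(text)
        print(f"{name}: Access-Control-Allow-Methods: {', '.join(good)}")
        print(f"{name}: invalid tokens: {bad}")
```

Running this against the deployed cors.properties in CI catches the problem before a strict client does, since Safari and Chrome tolerated the malformed header in the report.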