Hi,

Enabling CORS requests for all origins by default is not recommended, and it is certainly a bad idea to enable it by default in the server. Users should enable it if they want CORS by themselves, per webapp. It can be a security concern otherwise AFAIK.

But this gives an opportunity to add to the documentation on how users can enable CORS. Were you able to test this out and see?

Thanks,

On Mon, Feb 16, 2015 at 10:53 PM, Gimantha Bandara <[email protected]> wrote:

> Hi,
>
> We have hosted a jaxrs webapp in BAM 3.0 which is used for analytics.
> Sometimes when we try to send a DELETE request, we receive the status code
> 403, which we didn't really implement to return. While searching for a
> clue, I found that the cross-origin resource filters (CORS filters) are not
> set properly. We can set these filters either in the webapp's web.xml or in
> the carbon server's tomcat web.xml to overcome the issue as shown below.
>
> <filter>
>     <filter-name>CorsFilter</filter-name>
>     <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
>     <init-param>
>         <param-name>cors.allowed.origins</param-name>
>         <param-value>*</param-value>
>     </init-param>
>     <init-param>
>         <param-name>cors.allowed.methods</param-name>
>         <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value>
>     </init-param>
> </filter>
> <filter-mapping>
>     <filter-name>CorsFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> So should these init-params be included by default in the pack? If so,
> what will be the best place to add them (in the webapps' web.xml or in
> conf/tomcat/web.xml)?
>
> Thanks,
> --
> Gimantha Bandara
> Software Engineer
> WSO2. Inc : http://wso2.com
> Mobile : +94714961919
>

--
Supun Malinga,
Senior Software Engineer,
WSO2 Inc.
http://wso2.com
email: [email protected] <[email protected]>
mobile: +94 (0)71 56 91 321
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
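
A per-webapp configuration of the kind the reply recommends, as an added example that is not part of the original thread and not WSO2's own configuration: Tomcat's CorsFilter declared in the one webapp's WEB-INF/web.xml and limited to a named origin. The origin https://analytics.example.com and the /api/* URL pattern are placeholders assumed for illustration.

```xml
<!-- Goes inside <web-app> in WEB-INF/web.xml of the webapp that needs CORS,
     not in the server-wide conf/tomcat/web.xml.
     Assumed placeholders: the origin and the /api/* pattern. -->
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>

  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <!-- Weak setting from the thread, for contrast: a value of * here
         lets script from any site call the API.
         Hardened: exact scheme://host[:port] entries, comma-separated. -->
    <param-value>https://analytics.example.com</param-value>
  </init-param>

  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <!-- The filter's default list is GET,POST,HEAD,OPTIONS and it answers
         403 for any other cross-origin method, so DELETE must be listed.
         List only the verbs this API serves cross-origin. -->
    <param-value>GET,POST,DELETE,OPTIONS</param-value>
  </init-param>

  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Origin,Accept,Content-Type,X-Requested-With</param-value>
  </init-param>

  <init-param>
    <param-name>cors.support.credentials</param-name>
    <!-- Set to true only if the API needs cookies or HTTP auth from the
         browser, and never in combination with a wildcard origin. -->
    <param-value>false</param-value>
  </init-param>

  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <!-- Seconds a browser may cache the preflight (OPTIONS) answer. -->
    <param-value>600</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <!-- Scope the filter to the REST endpoints rather than /* -->
  <url-pattern>/api/*</url-pattern>
</filter-mapping>
```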
