This filter would be better set as a per-webapp configuration. We shouldn't enable CORS by default. You might also need to consider whether you need to allow all the origins to access the jax-rs resources or restrict to a few origins.

> On Feb 16, 2015, at 10:53 PM, Gimantha Bandara <[email protected]> wrote:
>
> Hi,
>
> We have hosted a jaxrs webapp in BAM 3.0 which is used for analytics.
> Sometimes when we try to send a DELETE request, we receive the status code
> 403, which we didn't really implement to return. While searching for a clue,
> I found that the cross-origin resource filters (CORS filters) are not set
> properly. We can set these filters either in the webapp's web.xml or in the carbon
> server's tomcat web.xml to overcome the issue, as shown below.
>
> <filter>
>     <filter-name>CorsFilter</filter-name>
>     <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
>     <init-param>
>         <param-name>cors.allowed.origins</param-name>
>         <param-value>*</param-value>
>     </init-param>
>     <init-param>
>         <param-name>cors.allowed.methods</param-name>
>         <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value>
>     </init-param>
> </filter>
> <filter-mapping>
>     <filter-name>CorsFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> So should these init-params be included by default in the pack? If so, what
> will be the best place to add them (in the webapps' web.xml or in
> conf/tomcat/web.xml)?
>
> Thanks,
> --
> Gimantha Bandara
> Software Engineer
> WSO2. Inc : http://wso2.com
> Mobile : +94714961919

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
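
A per-webapp variant of the filter quoted above, restricted to named origins as the reply suggests. This is an added example, not configuration from the thread or from the WSO2 pack; the origin hosts, the trimmed method list and the /analytics/* URL pattern are assumed placeholders.

```xml
<!-- Goes in WEB-INF/web.xml of the JAX-RS webapp only, not in conf/tomcat/web.xml,
     so other webapps on the server do not become CORS-enabled by default. -->
<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <!-- Explicit allow-list instead of "*"; hosts are assumed placeholders -->
        <param-name>cors.allowed.origins</param-name>
        <param-value>https://dashboard.example.com,https://admin.example.com</param-value>
    </init-param>
    <init-param>
        <!-- Only the verbs the resources need (assumed); DELETE has to be listed
             here for cross-origin DELETE requests to pass the filter -->
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
    </init-param>
    <init-param>
        <!-- Set explicitly; switch to true only if the listed origins must send
             cookies or HTTP authentication with their requests -->
        <param-name>cors.support.credentials</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <!-- Assumed path of the JAX-RS resources, scoped more narrowly than /* -->
    <url-pattern>/analytics/*</url-pattern>
</filter-mapping>
```

With this in place, a cross-origin request from an origin that is not on the list, or using a method that is not listed, is rejected by the filter with 403 before it reaches the JAX-RS resource.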
