Hi Gimantha,

If you did not specify the parameter cors.allowed.origins, it defaults to *. So, the above configuration will also allow all origins.

On Tue, Feb 17, 2015 at 1:19 PM, Gimantha Bandara <[email protected]> wrote:

> Hi all,
>
> Thanks for your replies.
>
> @Supun, I checked enabling CORS but disabled the CORS requests for all
> origins, so the configuration looks like the one below.
>
> <filter>
> <filter-name>CorsFilter</filter-name>
> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
> *<init-param>*
> * <param-name>cors.allowed.methods</param-name>*
> * <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value>*
> * </init-param>*
> </filter>
> <filter-mapping>
> <filter-name>CorsFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> To get rid of the 403 status, only the above highlighted parameters are
> sufficient.
>
> Thanks,
>
> On Tue, Feb 17, 2015 at 10:17 AM, Nilmini Perera <[email protected]> wrote:
>
>> I will look into this and update the docs.
>> Thanks for the info.
>>
>> Regards,
>> Nilmini
>>
>> On Mon, Feb 16, 2015 at 11:06 PM, Supun Malinga <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Enabling CORS requests for all origins by default is not recommended and
>>> certainly is a bad idea to enable it by default in the server. Users should
>>> enable it if they want CORS by themselves, per webapp. It can be a security
>>> concern otherwise AFAIK.
>>>
>>> But this gives an opportunity to add to documentation on how users can
>>> enable CORS. Were you able to test this out and see?
>>>
>>> thanks,
>>>
>>> On Mon, Feb 16, 2015 at 10:53 PM, Gimantha Bandara <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> We have hosted a jaxrs webapp in BAM 3.0 which is used for analytics.
>>>> Sometimes when we try to send a DELETE request, we receive the status code
>>>> 403, which we didn't really implement to return. While searching for a
>>>> clue, I found that the cross-origin resource filters (CORS filters) are not
>>>> set properly. We can set these filters either in webapp's web.xml or in
>>>> carbon server's tomcat web.xml to overcome the issue as shown below.
>>>>
>>>> <filter>
>>>> <filter-name>CorsFilter</filter-name>
>>>> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
>>>> *<init-param>*
>>>> * <param-name>cors.allowed.origins</param-name>*
>>>> * <param-value>*</param-value>*
>>>> * </init-param>*
>>>> *<init-param>*
>>>> * <param-name>cors.allowed.methods</param-name>*
>>>> * <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE,PATCH</param-value>*
>>>> * </init-param>*
>>>> </filter>
>>>> <filter-mapping>
>>>> <filter-name>CorsFilter</filter-name>
>>>> <url-pattern>/*</url-pattern>
>>>> </filter-mapping>
>>>>
>>>> So should these init-params be included by default in the pack? If so,
>>>> what will be the best place to add them (in webapps' web.xml or in
>>>> conf/tomcat/web.xml)?
>>>>
>>>> Thanks,
>>>> --
>>>> Gimantha Bandara
>>>> Software Engineer
>>>> WSO2. Inc : http://wso2.com
>>>> Mobile : +94714961919
>>>>
>>>
>>> --
>>> Supun Malinga,
>>>
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> http://wso2.com
>>> email: [email protected] <[email protected]>
>>> mobile: +94 (0)71 56 91 321
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "WSO2 Documentation" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>
>>
>> --
>> Nilmini Perera
>>
>> Senior Technical Writer
>> WSO2 Inc.
>>
>> Mobile: 0094776722152
>>
>
> --
> Gimantha Bandara
> Software Engineer
> WSO2. Inc : http://wso2.com
> Mobile : +94714961919
>

--
*Kasun Gajasinghe*
Senior Software Engineer, WSO2 Inc.
email: kasung AT spamfree wso2.com
linked-in: http://lk.linkedin.com/in/gajasinghe
blog: http://kasunbg.org

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
